Windows Analysis Report
ListaItensVistoriaCorpodeBombeirosObrigatorio.msi

Overview

General Information

Sample name: ListaItensVistoriaCorpodeBombeirosObrigatorio.msi
Analysis ID: 1561812
MD5: 8a685b955bed68d969ddea75d5ce51bf
SHA1: 2c66035dda36813b6d139c228148ce3a7faca9c2
SHA256: 1484770b005cef914a0710b85d2c57ad96c1c48abbeb0f3c4055b19c1299d12e
Tags: msi, user-JAMESWT_MHT

Detection

AteraAgent
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AteraAgent
AI detected suspicious sample
Creates files in the system32 config directory
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Reads the Security eventlog
Reads the System eventlog
Yara detected Generic Downloader
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Uses net.exe to stop services
Uses taskkill to terminate processes
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • msiexec.exe (PID: 5720 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\ListaItensVistoriaCorpodeBombeirosObrigatorio.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 1476 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 6008 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 399844DB614D5E1E27E49AAF003F570D MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • rundll32.exe (PID: 5032 cmdline: rundll32.exe "C:\Windows\Installer\MSIE1AC.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4710906 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 5020 cmdline: rundll32.exe "C:\Windows\Installer\MSIE3EF.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4711453 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 5548 cmdline: rundll32.exe "C:\Windows\Installer\MSIFDA2.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4718015 11 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 7252 cmdline: rundll32.exe "C:\Windows\Installer\MSI1EAC.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4726484 33 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd MD5: 889B99C52A60DD49227C5E485A016679)
    • msiexec.exe (PID: 5084 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 04E8F29C9872C7FAF44877CCF53966A9 E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • net.exe (PID: 4484 cmdline: "NET" STOP AteraAgent MD5: 31890A7DE89936F922D44D677F681A7F)
        • conhost.exe (PID: 1628 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • net1.exe (PID: 1272 cmdline: C:\Windows\system32\net1 STOP AteraAgent MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
      • taskkill.exe (PID: 1988 cmdline: "TaskKill.exe" /f /im AteraAgent.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 6548 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AteraAgent.exe (PID: 6204 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="comunicado@gestorempresas.digital" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q3000006YrPqIAK" /AgentId="036a7bb6-e9ab-4003-820d-512fa1b48707" MD5: 477293F80461713D51A98A24023D45E8)
  • AteraAgent.exe (PID: 6220 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" MD5: 477293F80461713D51A98A24023D45E8)
    • sc.exe (PID: 5560 cmdline: "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000 MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • conhost.exe (PID: 7064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 7604 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 036a7bb6-e9ab-4003-820d-512fa1b48707 "947f5ffd-2187-4fed-88a8-f6375fd81e42" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q3000006YrPqIAK MD5: FD9DF72620BCA7C4D48BC105C89DFFD2)
      • conhost.exe (PID: 7612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 7976 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 036a7bb6-e9ab-4003-820d-512fa1b48707 "d33bc958-4922-4182-b68f-3483e8de9f0d" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q3000006YrPqIAK MD5: FD9DF72620BCA7C4D48BC105C89DFFD2)
      • conhost.exe (PID: 7984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 8156 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 036a7bb6-e9ab-4003-820d-512fa1b48707 "74b28cea-d314-412b-b1ac-0c6c5fd129c1" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q3000006YrPqIAK MD5: FD9DF72620BCA7C4D48BC105C89DFFD2)
      • conhost.exe (PID: 8164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Windows\Temp\~DFC62927D95770B6A7.TMP | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Windows\Temp\~DF249BEF134D41FAF6.TMP | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Windows\Temp\~DF4CDBAE97BB9B291A.TMP | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Config.Msi\47e055.rbs | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
(14 more entries not shown)

Source | Rule | Description | Author | Strings
00000018.00000002.3042477973.000001A0DA9DB000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
0000000E.00000002.3300930591.000001DD52F31000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
0000000D.00000002.2192537362.000001A39A57E000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
00000018.00000002.3042477973.000001A0DA9BB000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
0000000D.00000002.2192537362.000001A39A5A6000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
(87 more entries not shown)

Source | Rule | Description | Author | Strings
19.2.AgentPackageAgentInformation.exe.1c717520000.1.unpack | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
13.0.AteraAgent.exe.1a3ff0a0000.0.unpack | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
19.0.AgentPackageAgentInformation.exe.1c717170000.0.unpack | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
19.0.AgentPackageAgentInformation.exe.1c717170000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |

Source: Process started | Author: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements) | Data: Command: "NET" STOP AteraAgent, CommandLine: "NET" STOP AteraAgent, CommandLine|base64offset|contains: I3, Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 04E8F29C9872C7FAF44877CCF53966A9 E Global\MSI0000, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 5084, ParentProcessName: msiexec.exe, ProcessCommandLine: "NET" STOP AteraAgent, ProcessId: 4484, ProcessName: net.exe
Source: Process started | Author: Jakob Weinzettl, oscd.community, Nasreddine Bencherchali (Nextron Systems) | Data: Command: "NET" STOP AteraAgent, CommandLine: "NET" STOP AteraAgent, CommandLine|base64offset|contains: I3, Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 04E8F29C9872C7FAF44877CCF53966A9 E Global\MSI0000, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 5084, ParentProcessName: msiexec.exe, ProcessCommandLine: "NET" STOP AteraAgent, ProcessId: 4484, ProcessName: net.exe

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-24T11:25:25.778280+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49734 | 13.232.67.199 | 443 | TCP
2024-11-24T11:25:28.990578+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49745 | 13.232.67.199 | 443 | TCP
2024-11-24T11:26:13.910535+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49854 | 13.232.67.199 | 443 | TCP
2024-11-24T11:26:25.047999+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49884 | 13.232.67.199 | 443 | TCP
2024-11-24T11:26:31.728631+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49903 | 13.232.67.199 | 443 | TCP
2024-11-24T11:26:37.658515+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49921 | 13.232.67.199 | 443 | TCP
2024-11-24T11:26:43.807305+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49943 | 13.232.67.199 | 443 | TCP
2024-11-24T11:26:49.632144+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49967 | 13.232.67.199 | 443 | TCP
2024-11-24T11:26:53.737019+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49985 | 13.232.67.199 | 443 | TCP
2024-11-24T11:26:57.445153+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 50001 | 13.232.67.199 | 443 | TCP
2024-11-24T11:27:04.212827+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 50033 | 13.232.67.199 | 443 | TCP
2024-11-24T11:27:10.875270+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 50056 | 13.232.67.199 | 443 | TCP

                              AV Detection

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | ReversingLabs: Detection: 26%
Source: ListaItensVistoriaCorpodeBombeirosObrigatorio.msi | ReversingLabs: Detection: 26%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 94.9% probability
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | File created: C:\Windows\system32\InstallUtil.InstallLog
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
Source: unknown | HTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 108.158.75.46:443 -> 192.168.2.5:49747 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.5:49885 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.5:49884 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.5:49904 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.5:49903 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.5:49922 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.5:49921 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.5:49941 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.5:49943 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.5:49961 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.5:49967 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.5:49985 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.5:49987 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.5:49988 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.5:50014 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.232.67.199:443 -> 192.168.2.5:50020 version: TLS 1.2
                              Source: C:\Windows\System32\msiexec.exe File opened: z:
                              Source: C:\Windows\System32\msiexec.exe File opened: x:
                              Source: C:\Windows\System32\msiexec.exe File opened: v:
                              Source: C:\Windows\System32\msiexec.exe File opened: t:
                              Source: C:\Windows\System32\msiexec.exe File opened: r:
                              Source: C:\Windows\System32\msiexec.exe File opened: p:
                              Source: C:\Windows\System32\msiexec.exe File opened: n:
                              Source: C:\Windows\System32\msiexec.exe File opened: l:
                              Source: C:\Windows\System32\msiexec.exe File opened: j:
                              Source: C:\Windows\System32\msiexec.exe File opened: h:
                              Source: C:\Windows\System32\msiexec.exe File opened: f:
                              Source: C:\Windows\System32\msiexec.exe File opened: b:
                              Source: C:\Windows\System32\msiexec.exe File opened: y:
                              Source: C:\Windows\System32\msiexec.exe File opened: w:
                              Source: C:\Windows\System32\msiexec.exe File opened: u:
                              Source: C:\Windows\System32\msiexec.exe File opened: s:
                              Source: C:\Windows\System32\msiexec.exe File opened: q:
                              Source: C:\Windows\System32\msiexec.exe File opened: o:
                              Source: C:\Windows\System32\msiexec.exe File opened: m:
                              Source: C:\Windows\System32\msiexec.exe File opened: k:
                              Source: C:\Windows\System32\msiexec.exe File opened: i:
                              Source: C:\Windows\System32\msiexec.exe File opened: g:
                              Source: C:\Windows\System32\msiexec.exe File opened: e:
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File opened: c:
                              Source: C:\Windows\System32\msiexec.exe File opened: a:
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FF848AA1FFFh 13_2_00007FF848AA1EB6
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FF848AA1FFFh 13_2_00007FF848AA1E88
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FF848AA1FFFh 13_2_00007FF848AA1E7E
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FF848AA1873h 13_2_00007FF848AA184E
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FF848AA1A44h 13_2_00007FF848AA184E
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FF848AA1873h 13_2_00007FF848AA0C1D
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FF848AA1A44h 13_2_00007FF848AA0C1D
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FF848AA1FFFh 13_2_00007FF848AA0C1D
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FF848AA227Bh 13_2_00007FF848AA0C1D
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FF848A81873h 14_2_00007FF848A80C58
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FF848A81A44h 14_2_00007FF848A80C58
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FF848A81FFFh 14_2_00007FF848A80C58
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FF848A8227Bh 14_2_00007FF848A80C58
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FF848A84ECBh 14_2_00007FF848A84C41
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FF848A9B572h 14_2_00007FF848A9B1E7
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FF848A84ECBh 14_2_00007FF848A84DC8
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FF848A81FFFh 14_2_00007FF848A81EB6
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FF848A9B572h 14_2_00007FF848A9B220

                              Networking

                              Source: Yara match File source: 19.0.AgentPackageAgentInformation.exe.1c717170000.0.unpack, type: UNPACKEDPE
                              Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=fbc5619b-ff2b-4cc2-bf14-e4eb42ae8834&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Host: ps.pndsn.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/036a7bb6-e9ab-4003-820d-512fa1b48707/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=10b48a2e-94d5-4663-b23c-61fa3a71d716&tt=0&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=30556299-8b6f-404b-8ffa-af2979283dda&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/036a7bb6-e9ab-4003-820d-512fa1b48707/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9dbd0473-c525-491a-8cab-a2fddc92f86f&tr=33&tt=17324439224725513&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /agentpackagesnet45/AgentPackageAgentInformation/38.0/AgentPackageAgentInformation.zip?nvP40guF0IbHZ24g5/VirY+cw7Yp6pOjsxzTPLvYHk5f5QaUcIw2CAzGGlirMWb5 HTTP/1.1Host: ps.atera.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=cbed27f6-54fb-43c4-9cab-08a80ac08544&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/036a7bb6-e9ab-4003-820d-512fa1b48707/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=7bd6a0de-bd6a-4dd0-b04d-32ffbb137167&tr=33&tt=17324439254010166&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=fc5b0f0f-6a56-401f-80e9-8be81399a636&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/036a7bb6-e9ab-4003-820d-512fa1b48707/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=4b3421ac-d387-427b-9ddb-b94f88f1e703&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/036a7bb6-e9ab-4003-820d-512fa1b48707/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=98e68274-5d6c-46f9-8e1c-6ac34eaaed9f&tr=33&tt=17324439817091491&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=254b40c1-e391-4dc5-a3fc-b4191829120e&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/036a7bb6-e9ab-4003-820d-512fa1b48707/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=47d3572d-5ec1-4a16-8b18-b7c076a038fc&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=985e6a88-0b57-4d38-a817-216eb6ef36a4&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/036a7bb6-e9ab-4003-820d-512fa1b48707/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c1866262-6dbe-4127-848d-fdd2fb9c798a&tt=0&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/036a7bb6-e9ab-4003-820d-512fa1b48707/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f5d904fa-4ebd-4e88-9d51-8bf1316d9b84&tr=33&tt=17324439817091491&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d564941f-31f4-4f1e-8cfa-ab39104c2c32&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/036a7bb6-e9ab-4003-820d-512fa1b48707/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=52166139-0835-47a8-ba03-8e3021aadb32&tr=33&tt=17324439964531271&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/036a7bb6-e9ab-4003-820d-512fa1b48707/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=19e1beb7-925e-45d7-a87b-447402156469&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=b1f9d30a-4d02-478f-8a1f-0bd9525f8618&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/036a7bb6-e9ab-4003-820d-512fa1b48707/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=fcf91bbd-a68f-4612-8a5c-20499ac2cc1d&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/036a7bb6-e9ab-4003-820d-512fa1b48707/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=7e86a2c4-8170-4152-af60-04b88101e9d5&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=af9dd924-082e-4d82-abb8-ee5a0258cedd&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/036a7bb6-e9ab-4003-820d-512fa1b48707/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=5f892e17-d237-499c-b959-33b14b4a20de&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=27575d4d-f049-4af3-98fd-29c9ab567af2&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/036a7bb6-e9ab-4003-820d-512fa1b48707/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=13748a53-9ba4-4d0b-89eb-106bb5773f70&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/036a7bb6-e9ab-4003-820d-512fa1b48707/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=4e8081eb-de73-414b-8c17-81b909623b91&tt=0&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=beca1352-9fbb-4086-9d34-96d86fc42e76&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/036a7bb6-e9ab-4003-820d-512fa1b48707/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b47dd5fd-0c11-44f6-8bad-5d4a9e7556e2&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/036a7bb6-e9ab-4003-820d-512fa1b48707/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b0e0aedc-7feb-42fd-9d01-6a81d3a7a14a&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/036a7bb6-e9ab-4003-820d-512fa1b48707/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=49582081-0068-4f70-b5a7-3884c66622b6&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=198af10c-e838-4982-a564-e08a82a398e4&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/036a7bb6-e9ab-4003-820d-512fa1b48707/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=6c5d24e4-0b70-422e-83c6-48afa7e568d5&tt=0&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/036a7bb6-e9ab-4003-820d-512fa1b48707/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=7cb6273b-9aee-4659-b8d3-39f4cff22a24&tt=0&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=025e58c1-51ad-4981-aee3-45a08882b1fd&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/036a7bb6-e9ab-4003-820d-512fa1b48707/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=30375e3f-fc42-4065-9040-b7e8eb57771a&tr=33&tt=17324440191471823&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49734 -> 13.232.67.199:443
                              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49745 -> 13.232.67.199:443
                              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49854 -> 13.232.67.199:443
                              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49884 -> 13.232.67.199:443
                              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49985 -> 13.232.67.199:443
                              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49903 -> 13.232.67.199:443
                              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49943 -> 13.232.67.199:443
                              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50001 -> 13.232.67.199:443
                              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50056 -> 13.232.67.199:443
                              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49967 -> 13.232.67.199:443
                              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49921 -> 13.232.67.199:443
                              Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50033 -> 13.232.67.199:443
                              Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                              Source: global trafficDNS traffic detected: DNS query: agent-api.atera.com
                              Source: global trafficDNS traffic detected: DNS query: ps.pndsn.com
                              Source: global trafficDNS traffic detected: DNS query: ps.atera.com
                              Source: AteraAgent.exe, 0000000E.00000002.3306452994.000001DD6B5C0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3307775502.000001DD6BA4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxX
                              Source: AteraAgent.exe, 0000000D.00000002.2191832938.000001A39A2A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/s
                              Source: AteraAgent.exe, 0000000D.00000002.2192537362.000001A39A57E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2191832938.000001A39A240000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2191000127.000001A381A99000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3306452994.000001DD6B530000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3306452994.000001DD6B502000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD53091000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3308592482.000001DD6BB70000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3307775502.000001DD6BA4F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3307775502.000001DD6BA70000.00000004.00000020.00020000.00000000.sdmp, ListaItensVistoriaCorpodeBombeirosObrigatorio.msi, AgentPackageAgentInformation.exe.14.dr, 47e056.msi.1.dr, ICSharpCode.SharpZipLib.dll.1.dr, Atera.AgentPackage.Common.dll.14.dr, AteraAgent.exe.1.dr, Newtonsoft.Json.dll.14.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.drString found in binary or memory: http://ocsp.digicert.com0
                              Source: rundll32.exe, 00000004.00000003.2048777891.00000000045DF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2059724248.00000000041E8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119989843.0000000004B5D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3306452994.000001DD6B5C0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3307775502.000001DD6BA28000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3307775502.000001DD6BA70000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3307775502.000001DD6BA09000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2204528451.00000000040D0000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2406499344.000001C73045F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2890146542.00000281D9075000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2890146542.00000281D8FF9000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.3044701956.000001A0F3A1B000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.3044701956.000001A0F3A36000.00000004.00000020.00020000.00000000.sdmp, ListaItensVistoriaCorpodeBombeirosObrigatorio.msi, AgentPackageAgentInformation.exe.14.dr, 47e056.msi.1.dr, C56C4404C4DEF0DC88E5FCD9F09CB2F1.14.dr, ICSharpCode.SharpZipLib.dll.1.dr, Atera.AgentPackage.Common.dll.14.dr, Newtonsoft.Json.dll.6.dr, Newtonsoft.Json.dll.4.drString found in binary or memory: http://ocsp.digicert.com0A
                              Source: rundll32.exe, 00000004.00000003.2048777891.00000000045DF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2059724248.00000000041E8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119989843.0000000004B5D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3307775502.000001DD6BA70000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2204528451.00000000040D0000.00000004.00000020.00020000.00000000.sdmp, ListaItensVistoriaCorpodeBombeirosObrigatorio.msi, AgentPackageAgentInformation.exe.14.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, 47e056.msi.1.dr, MSI5.tmp.1.dr, ICSharpCode.SharpZipLib.dll.1.dr, Atera.AgentPackage.Common.dll.14.dr, MSI74.tmp.1.dr, Newtonsoft.Json.dll.6.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, Newtonsoft.Json.dll.14.dr, MSIFFF5.tmp.1.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, Newtonsoft.Json.dll.5.dr, Microsoft.Deployment.WindowsInstaller.dll.18.drString found in binary or memory: http://ocsp.digicert.com0C
                              Source: rundll32.exe, 00000004.00000003.2048777891.00000000045DF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2059724248.00000000041E8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119989843.0000000004B5D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2204528451.00000000040D0000.00000004.00000020.00020000.00000000.sdmp, ListaItensVistoriaCorpodeBombeirosObrigatorio.msi, Microsoft.Deployment.WindowsInstaller.dll.4.dr, 47e056.msi.1.dr, MSI5.tmp.1.dr, MSI74.tmp.1.dr, MSIFFF5.tmp.1.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.18.drString found in binary or memory: http://ocsp.digicert.com0K
                              Source: rundll32.exe, 00000004.00000003.2048777891.00000000045DF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2059724248.00000000041E8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119989843.0000000004B5D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2204528451.00000000040D0000.00000004.00000020.00020000.00000000.sdmp, ListaItensVistoriaCorpodeBombeirosObrigatorio.msi, Microsoft.Deployment.WindowsInstaller.dll.4.dr, 47e056.msi.1.dr, MSI5.tmp.1.dr, MSI74.tmp.1.dr, MSIFFF5.tmp.1.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.18.drString found in binary or memory: http://ocsp.digicert.com0N
                              Source: rundll32.exe, 00000004.00000003.2048777891.00000000045DF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2059724248.00000000041E8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119989843.0000000004B5D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2204528451.00000000040D0000.00000004.00000020.00020000.00000000.sdmp, ListaItensVistoriaCorpodeBombeirosObrigatorio.msi, Microsoft.Deployment.WindowsInstaller.dll.4.dr, 47e056.msi.1.dr, MSI5.tmp.1.dr, MSI74.tmp.1.dr, Newtonsoft.Json.dll.6.dr, Newtonsoft.Json.dll.4.dr, MSIFFF5.tmp.1.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, Newtonsoft.Json.dll.5.dr, Microsoft.Deployment.WindowsInstaller.dll.18.dr, Newtonsoft.Json.dll.18.drString found in binary or memory: http://ocsp.digicert.com0O
                              Source: rundll32.exe, 00000004.00000003.2048777891.00000000045DF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2059724248.00000000041E8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119989843.0000000004B5D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2191832938.000001A39A240000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3307775502.000001DD6BA70000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3307775502.000001DD6B9C0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2204528451.00000000040D0000.00000004.00000020.00020000.00000000.sdmp, ListaItensVistoriaCorpodeBombeirosObrigatorio.msi, AgentPackageAgentInformation.exe.14.dr, 47e056.msi.1.dr, ICSharpCode.SharpZipLib.dll.1.dr, Atera.AgentPackage.Common.dll.14.dr, Newtonsoft.Json.dll.6.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, Newtonsoft.Json.dll.14.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.18.dr, Pubnub.dll.1.dr, BouncyCastle.Crypto.dll.1.drString found in binary or memory: http://ocsp.digicert.com0X
                              Source: AteraAgent.exe, 0000000E.00000002.3307775502.000001DD6BA60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRS
                              Source: AteraAgent.exe, 0000000D.00000002.2191832938.000001A39A2C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com:80/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF
                              Source: AteraAgent.exe, 0000000D.00000002.2191832938.000001A39A240000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3309622120.000001DD6BEBF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com:80/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7Nfjgt
                              Source: AteraAgent.exe, 0000000D.00000002.2191832938.000001A39A2A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
                              Source: AteraAgent.exe, 0000000E.00000002.3306452994.000001DD6B530000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3307775502.000001DD6B9A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.cr
                              Source: AteraAgent.exe, 0000000D.00000002.2191832938.000001A39A2A8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3307775502.000001DD6BA4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crl
                              Source: AteraAgent.exe, 0000000D.00000002.2191000127.000001A381A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org
                              Source: AteraAgent.exe, 0000000D.00000002.2191000127.000001A381A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                              Source: AteraAgent.exe, 0000000D.00000002.2191000127.000001A381A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceProcess
                              Source: rundll32.exe, 00000005.00000002.2111430509.00000000042E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2111430509.0000000004384000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52E31000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2267776351.0000000004534000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2267776351.0000000004491000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2405717306.000001C717C33000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2890703080.00000281D920F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.3043333128.000001A0DB1DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                              Source: rundll32.exe, 00000004.00000003.2048777891.00000000045DF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2059724248.00000000041E8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119989843.0000000004B5D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2204528451.00000000040D0000.00000004.00000020.00020000.00000000.sdmp, ListaItensVistoriaCorpodeBombeirosObrigatorio.msi, Microsoft.Deployment.WindowsInstaller.dll.4.dr, 47e056.msi.1.dr, MSI5.tmp.1.dr, MSI74.tmp.1.dr, MSIFFF5.tmp.1.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.18.drString found in binary or memory: http://wixtoolset.org
                              Source: rundll32.exe, 00000004.00000003.2048777891.00000000045AE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2059724248.00000000041B7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119989843.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2204528451.000000000409F000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.18.drString found in binary or memory: http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v
                              Source: rundll32.exe, 00000004.00000003.2048777891.00000000045AE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2059724248.00000000041B7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119989843.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2204528451.000000000409F000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.18.drString found in binary or memory: http://wixtoolset.org/news/
                              Source: rundll32.exe, 00000004.00000003.2048777891.00000000045AE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2059724248.00000000041B7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119989843.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2204528451.000000000409F000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.18.drString found in binary or memory: http://wixtoolset.org/releases/
                              Source: AteraAgent.exe, 0000000E.00000002.3300930591.000001DD53091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS
                              Source: rundll32.exe, 00000004.00000003.2048777891.00000000045DF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2059724248.00000000041E8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119989843.0000000004B5D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2192537362.000001A39A57E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2191832938.000001A39A240000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2191000127.000001A381A99000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3306452994.000001DD6B530000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3306452994.000001DD6B502000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3308592482.000001DD6BB70000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3307775502.000001DD6BA4F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3307775502.000001DD6BA70000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2204528451.00000000040D0000.00000004.00000020.00020000.00000000.sdmp, ListaItensVistoriaCorpodeBombeirosObrigatorio.msi, AgentPackageAgentInformation.exe.14.dr, 47e056.msi.1.dr, ICSharpCode.SharpZipLib.dll.1.dr, Atera.AgentPackage.Common.dll.14.dr, Newtonsoft.Json.dll.6.dr, Newtonsoft.Json.dll.4.dr, AteraAgent.exe.1.dr, Newtonsoft.Json.dll.14.drString found in binary or memory: http://www.digicert.com/CPS0
                              Source: rundll32.exe, 00000012.00000003.2265560827.0000000006CB9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.co
                              Source: AteraAgent.exe, 0000000E.00000002.3306452994.000001DD6B530000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl
                              Source: AteraAgent.exe, 0000000D.00000002.2191000127.000001A381A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.o
                              Source: AteraAgent.exe, 0000000D.00000002.2191000127.000001A381A99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.oh
                              Source: AteraAgent.exe, 0000000E.00000002.3300930591.000001DD53496000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.P
                              Source: rundll32.exe, 00000005.00000002.2111430509.0000000004384000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2267776351.0000000004534000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.aterD
                              Source: rundll32.exe, 00000004.00000003.2048777891.00000000045AE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2059724248.00000000041B7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2111430509.00000000042E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2111430509.0000000004384000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119989843.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52E31000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2267776351.0000000004534000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2267776351.0000000004491000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2204528451.000000000409F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2405717306.000001C717C33000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2890703080.00000281D920F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.3043333128.000001A0DB1DF000.00000004.00000800.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.6.drString found in binary or memory: https://agent-api.atera.com
                              Source: rundll32.exe, 00000004.00000003.2048777891.00000000045AE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2059724248.00000000041B7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2111430509.00000000042E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2111430509.0000000004384000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119989843.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2267776351.0000000004534000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2267776351.0000000004491000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2204528451.000000000409F000.00000004.00000020.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.6.drString found in binary or memory: https://agent-api.atera.com/
                              Source: AgentPackageAgentInformation.exe, 00000013.00000002.2405717306.000001C717C33000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2890703080.00000281D920F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.3043333128.000001A0DB1DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production
                              Source: rundll32.exe, 00000004.00000003.2048777891.00000000045AE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2059724248.00000000041B7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2111430509.00000000042E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2111430509.0000000004384000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119989843.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2267776351.0000000004534000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2267776351.0000000004491000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2204528451.000000000409F000.00000004.00000020.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.6.drString found in binary or memory: https://agent-api.atera.com/Production/Agent/
                              Source: AteraAgent.exe, 0000000E.00000002.3300930591.000001DD5300E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD53091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/AcknowledgeCommands
                              Source: AteraAgent.exe, 0000000E.00000002.3300930591.000001DD53496000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/Age
                              Source: AteraAgent.exe, 0000000E.00000002.3300930591.000001DD53496000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD5300E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52EBE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD53132000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/AgentStarting
                              Source: AgentPackageAgentInformation.exe, 00000013.00000002.2405717306.000001C717C33000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2890703080.00000281D920F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.3043333128.000001A0DB1DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/CommandResult
                              Source: AteraAgent.exe, 0000000E.00000002.3300930591.000001DD53496000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetComm
                              Source: AteraAgent.exe, 0000000E.00000002.3300930591.000001DD5300E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD53091000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD53132000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommands
                              Source: AteraAgent.exe, 0000000E.00000002.3300930591.000001DD5300E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD53091000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD53132000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommandsFallback
                              Source: AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52E31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetEnvironmentStatus
                              Source: AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52EBE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD53091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurringPackages
                              Source: AteraAgent.exe, 0000000E.00000002.3300930591.000001DD53091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurringPackages.
                              Source: rundll32.exe, 00000005.00000002.2111430509.00000000042E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2111430509.0000000004384000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2267776351.0000000004534000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2267776351.0000000004491000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/track-event
                              Source: rundll32.exe, 00000004.00000003.2048777891.00000000045DF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2059724248.00000000041E8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119989843.0000000004B5D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3307205402.000001DD6B762000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000012.00000003.2204528451.00000000040D0000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2406290953.000001C730322000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.6.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.14.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.18.drString found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
                              Source: AteraAgent.exe, 0000000E.00000002.3309353035.000001DD6BDA2000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.1.drString found in binary or memory: https://github.com/icsharpcode/SharpZipLib
                              Source: AteraAgent.exe, 0000000E.00000002.3300930591.000001DD5300E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD53091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.13/AgentPackageA
                              Source: AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52F04000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52FCE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.13/AgentPackageAgentI
                              Source: AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52FC6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Availability/0.16/Agent.Package.Availability.zip
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BA74182F76F15A9CF514DEF352303C95
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

                              Spam, unwanted Advertisements and Ransom Demands

                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\47e054.msi
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE1AC.tmp
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE3EF.tmp
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIFDA2.tmp
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipi
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{E732A0D7-A2F2-4657-AC41-B19742648E45}
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIFFF5.tmp
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI5.tmp
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI74.tmp
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI17E.tmp
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\47e056.msi
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1EAC.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIE1AC.tmp-
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIE1AC.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIE1AC.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIE1AC.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIE1AC.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIE1AC.tmp-\CustomAction.config
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIE3EF.tmp-
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIE3EF.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIE3EF.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIE3EF.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIE3EF.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIE3EF.tmp-\CustomAction.config
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIFDA2.tmp-
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIFDA2.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIFDA2.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIFDA2.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIFDA2.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIFDA2.tmp-\CustomAction.config
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\InstallUtil.InstallLog
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BA74182F76F15A9CF514DEF352303C95
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BA74182F76F15A9CF514DEF352303C95
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1A374813EDB1A6631387E414D3E73232
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1A374813EDB1A6631387E414D3E73232
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1EAC.tmp-
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1EAC.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1EAC.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1EAC.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1EAC.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSI1EAC.tmp-\CustomAction.config
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
                              Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSIE1AC.tmp
                              Source: Joe Sandbox ViewDropped File: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2
                              Source: Joe Sandbox ViewDropped File: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll 443A1C088E62810A954FFE9F0136F7A8D5E44928425D23B5284D936270D9837A
                              Source: ListaItensVistoriaCorpodeBombeirosObrigatorio.msiBinary or memory string: OriginalFilenameAlphaControlAgentInstallation.dll\ vs ListaItensVistoriaCorpodeBombeirosObrigatorio.msi
                              Source: ListaItensVistoriaCorpodeBombeirosObrigatorio.msiBinary or memory string: OriginalFilenameSfxCA.dll\ vs ListaItensVistoriaCorpodeBombeirosObrigatorio.msi
                              Source: ListaItensVistoriaCorpodeBombeirosObrigatorio.msiBinary or memory string: OriginalFilenamewixca.dll\ vs ListaItensVistoriaCorpodeBombeirosObrigatorio.msi
                              Source: ICSharpCode.SharpZipLib.dll.1.dr, InflaterInputBuffer.csCryptographic APIs: 'TransformBlock'
                              Source: ICSharpCode.SharpZipLib.dll.1.dr, DeflaterOutputStream.csCryptographic APIs: 'TransformBlock'
                              Source: ICSharpCode.SharpZipLib.dll.1.dr, ZipAESTransform.csCryptographic APIs: 'TransformBlock'
                              Source: AteraAgent.exe.1.dr, SignatureValidator.csBase64 encoded string: 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YmxeR/2wifvwd/MQXb/5tsLsvlMs50tmraklX8MKsU1EgEpRZ+W0Ro1ZHoLhQG53oq9hPz9bmJge78yZr6l1QJWz6wCj+yQUxM5f0gt4fHEf2yA94Tklnds7JPr2vQRb5rjAnxnt7722oWFc1bxFFsIcIhOI/EHYCE0qSPE1pKMXALkHZYoDQEFUu3YgEc0Oo7ClJNFrB75g6tVZRqGKxVvYQBb9zKDxhBRnDkhZuB7D1gRaR9PNwCr7tVtPt40c+CCf5ktUkeu4JzaiEipWvKYgRvotqsFtZF5uFso2UmdvxO+lIw9i/GPDfgS4JhKu/Y9lCuaan+xEluhSK0vpQIDAQAB'
                              Source: classification engineClassification label: mal88.troj.spyw.evad.winMSI@37/84@11/2
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ATERA Networks
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeMutant created: NULL
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMutant created: \Sessions\1\BaseNamedObjects\Global\netfxeventlog.1.0
                              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7064:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7612:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6548:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1628:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8164:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7984:120:WilError_03
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\TEMP\~DF249BEF134D41FAF6.TMP
                              Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "AteraAgent.exe")
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile read: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini
                              Source: C:\Windows\System32\msiexec.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
                              Source: ListaItensVistoriaCorpodeBombeirosObrigatorio.msiStatic file information: TRID: Microsoft Windows Installer (60509/1) 57.88%
                              Source: ListaItensVistoriaCorpodeBombeirosObrigatorio.msiReversingLabs: Detection: 26%
                              Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\ListaItensVistoriaCorpodeBombeirosObrigatorio.msi"
                              Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                              Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 399844DB614D5E1E27E49AAF003F570D
                              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIE1AC.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4710906 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIE3EF.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4711453 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIFDA2.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4718015 11 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                              Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 04E8F29C9872C7FAF44877CCF53966A9 E Global\MSI0000
                              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                              Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
                              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="comunicado@gestorempresas.digital" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q3000006YrPqIAK" /AgentId="036a7bb6-e9ab-4003-820d-512fa1b48707"
                              Source: unknownProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                              Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI1EAC.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4726484 33 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 036a7bb6-e9ab-4003-820d-512fa1b48707 "947f5ffd-2187-4fed-88a8-f6375fd81e42" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q3000006YrPqIAK
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 036a7bb6-e9ab-4003-820d-512fa1b48707 "d33bc958-4922-4182-b68f-3483e8de9f0d" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q3000006YrPqIAK
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 036a7bb6-e9ab-4003-820d-512fa1b48707 "74b28cea-d314-412b-b1ac-0c6c5fd129c1" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q3000006YrPqIAK
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 036a7bb6-e9ab-4003-820d-512fa1b48707 "d33bc958-4922-4182-b68f-3483e8de9f0d" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q3000006YrPqIAK
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 036a7bb6-e9ab-4003-820d-512fa1b48707 "74b28cea-d314-412b-b1ac-0c6c5fd129c1" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q3000006YrPqIAK
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winhttp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: iphlpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc6.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dnsapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winnsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasadhlp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: fwpuclnt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: secur32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: schannel.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mskeyprotect.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ntasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncrypt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncryptsslp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: msasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: gpapi.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File written: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                              Source: ListaItensVistoriaCorpodeBombeirosObrigatorio.msi Static file information: File size 2994176 > 1048576
                              Source: Binary string: \??\C:\Windows\symbols\dll\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000002.2111029164.0000000002837000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2266567631.000000000277B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2265606701.0000000002779000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\Windows\AlphaControlAgentInstallation.pdbpdbion.pdb% source: rundll32.exe, 00000012.00000002.2268573766.0000000006CA0000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: ?&nC:\Windows\Installer\MSIE3EF.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000002.2110117921.0000000000147000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb<$ source: AteraAgent.exe, 0000000D.00000000.2134604036.000001A3FF0A2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.1.dr
                              Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: rundll32.exe, 00000005.00000002.2112446164.0000000006CA0000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb source: AgentPackageAgentInformation.exe, 00000013.00000002.2405538328.000001C717522000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.14.dr
                              Source: Binary string: \??\C:\Windows\symbols\dll\System.pdbs source: rundll32.exe, 00000005.00000003.2109897446.00000000027C6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2110920754.00000000027C6000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: n\C:\Windows\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000002.2110117921.0000000000147000.00000004.00000010.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2266038564.0000000000177000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000012.00000003.2265648378.0000000002741000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2266361891.0000000002741000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: BouncyCastle.Crypto.pdbSHA256 source: BouncyCastle.Crypto.dll.1.dr
                              Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000004.00000003.2048777891.00000000045AE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2059724248.00000000041B7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119989843.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2204528451.000000000409F000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.18.dr
                              Source: Binary string: \??\C:\Windows\System.pdbG source: rundll32.exe, 00000005.00000002.2112446164.0000000006C70000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\symbols\dll\System.pdbO source: rundll32.exe, 00000005.00000003.2109897446.00000000027C6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2110920754.00000000027C6000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb source: AteraAgent.exe, 0000000D.00000000.2134604036.000001A3FF0A2000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.1.dr
                              Source: Binary string: C:\Windows\System.pdbpdbtem.pdbtVb source: rundll32.exe, 00000005.00000002.2112446164.0000000006CB9000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\symbols\dll\System.pdbX source: rundll32.exe, 00000012.00000002.2266567631.000000000277B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2265606701.0000000002779000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 0000000E.00000002.3309353035.000001DD6BDA2000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.1.dr
                              Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 0000000E.00000002.3309353035.000001DD6BDA2000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.1.dr
                              Source: Binary string: ll\AlphaControlAgentInstallation.pdb* source: rundll32.exe, 00000012.00000003.2265560827.0000000006CB9000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000004.00000003.2048777891.00000000045DF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2059724248.00000000041E8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119989843.0000000004B5D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3307205402.000001DD6B762000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000012.00000003.2204528451.00000000040D0000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.18.dr
                              Source: Binary string: \??\C:\Windows\symbols\dll\System.pdb source: rundll32.exe, 00000012.00000002.2266567631.000000000277B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2265606701.0000000002779000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\AlphaControlAgentInstallation.pdbs source: rundll32.exe, 00000005.00000003.2109897446.00000000027C6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2110920754.00000000027C6000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb source: AteraAgent.exe, 0000000E.00000002.3307775502.000001DD6BA70000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000000.2365900358.000001C717172000.00000002.00000001.01000000.00000016.sdmp, AgentPackageAgentInformation.exe.14.dr
                              Source: Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000004.00000003.2048777891.00000000045AE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2112446164.0000000006CA0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2111029164.000000000284C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2059724248.00000000041B7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2109746555.000000000284C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119989843.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2265560827.0000000006CB9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2268599541.0000000006CBB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2266567631.000000000277B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2265606701.0000000002779000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2204528451.000000000409F000.00000004.00000020.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.6.dr
                              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: AgentPackageAgentInformation.exe, 00000013.00000002.2406290953.000001C730322000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.14.dr
                              Source: Binary string: C:\Windows\System.pdbpdbtem.pdb source: rundll32.exe, 00000012.00000002.2268573766.0000000006CA0000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000004.00000003.2048777891.00000000045DF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2059724248.00000000041E8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119989843.0000000004B5D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3307205402.000001DD6B762000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000012.00000003.2204528451.00000000040D0000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2406290953.000001C730322000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.6.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.14.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.18.dr
                              Source: Binary string: C:\Windows\AlphaControlAgentInstallation.pdbpdbion.pdb source: rundll32.exe, 00000005.00000002.2112446164.0000000006C70000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: ListaItensVistoriaCorpodeBombeirosObrigatorio.msi, 47e056.msi.1.dr, MSI5.tmp.1.dr, MSI74.tmp.1.dr, MSIFFF5.tmp.1.dr
                              Source: Binary string: ?&nC:\Windows\Installer\MSI1EAC.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000012.00000002.2266038564.0000000000177000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: dows\dll\System.pdb source: rundll32.exe, 00000005.00000002.2112446164.0000000006C70000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000004.00000003.2048777891.00000000045AE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2059724248.00000000041B7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119989843.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2204528451.000000000409F000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.18.dr
                              Source: Binary string: \??\C:\Windows\System.pdb source: rundll32.exe, 00000005.00000002.2112446164.0000000006C70000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\AlphaControlAgentInstallation.pdbvider source: rundll32.exe, 00000005.00000003.2109897446.00000000027C6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2110920754.00000000027C6000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbI source: rundll32.exe, 00000005.00000002.2111029164.000000000284C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2109746555.000000000284C000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdbPf source: AgentPackageAgentInformation.exe, 00000013.00000002.2405538328.000001C717522000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.14.dr
                              Source: Binary string: \??\C:\Windows\dll\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000003.2109728744.0000000006CC0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2265560827.0000000006CB9000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\Installer\MSI1EAC.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000012.00000003.2265648378.0000000002741000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2266361891.0000000002741000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: System.pdb source: rundll32.exe, 00000005.00000002.2112446164.0000000006CA0000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\Installer\MSIE3EF.tmp-\AlphaControlAgentInstallation.PDB source: rundll32.exe, 00000005.00000003.2109897446.00000000027C6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2110920754.00000000027C6000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: rundll32.exe, 00000005.00000002.2111029164.000000000284C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2109746555.000000000284C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2266567631.000000000277B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2265606701.0000000002779000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdbSHA256 source: AteraAgent.exe, 0000000D.00000002.2195101217.000001A3FF592000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll.1.dr
                              Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb source: AteraAgent.exe, 0000000D.00000002.2195101217.000001A3FF592000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll.1.dr
                              Source: Binary string: \??\C:\Windows\AlphaControlAgentInstallation.pdb \ source: rundll32.exe, 00000012.00000003.2265648378.0000000002741000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2266361891.0000000002741000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\agent\_work\66\s\build\ship\x86\SfxCA.pdb source: ListaItensVistoriaCorpodeBombeirosObrigatorio.msi, 47e056.msi.1.dr, MSI1EAC.tmp.1.dr, MSIE3EF.tmp.1.dr, 47e054.msi.1.dr
                              Source: Binary string: BouncyCastle.Crypto.pdb source: BouncyCastle.Crypto.dll.1.dr
                              Source: Binary string: \??\C:\Windows\Installer\MSI1EAC.tmp-\AlphaControlAgentInstallation.PDB source: rundll32.exe, 00000012.00000003.2265648378.0000000002741000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2266361891.0000000002741000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\Installer\MSIE3EF.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000003.2109897446.00000000027C6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2110920754.00000000027C6000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\Installer\MSI1EAC.tmp-\AlphaControlAgentInstallation.pdbW source: rundll32.exe, 00000012.00000003.2265648378.0000000002741000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2266361891.0000000002741000.00000004.00000020.00020000.00000000.sdmp
                              Source: BouncyCastle.Crypto.dll.1.dr Static PE information: 0xE49A52B3 [Sun Jul 15 06:22:43 2091 UTC]
                              Source: MSIE1AC.tmp.1.dr Static PE information: real checksum: 0x32353 should be: 0x88610
                              Source: MSI1EAC.tmp.1.dr Static PE information: real checksum: 0x32353 should be: 0x88610
                              Source: MSIFDA2.tmp.1.dr Static PE information: real checksum: 0x32353 should be: 0x88610
                              Source: MSIE3EF.tmp.1.dr Static PE information: real checksum: 0x32353 should be: 0x88610
                              Source: C:\Windows\SysWOW64\rundll32.exe Code function: 5_3_066457B8 push es; ret 5_3_06645840
                              Source: C:\Windows\SysWOW64\rundll32.exe Code function: 5_3_06644E90 push es; ret 5_3_06644EA0
                              Source: C:\Windows\SysWOW64\rundll32.exe Code function: 5_3_06646BF1 push es; ret 5_3_06646C00
                              Source: C:\Windows\SysWOW64\rundll32.exe Code function: 5_3_06645870 push es; ret 5_3_06645880
                              Source: C:\Windows\SysWOW64\rundll32.exe Code function: 5_3_066458D2 push es; ret 5_3_066458E0
                              Source: C:\Windows\SysWOW64\rundll32.exe Code function: 5_3_066458B0 push es; ret 5_3_066458C0
                              Source: C:\Windows\SysWOW64\rundll32.exe Code function: 5_3_06645890 push es; ret 5_3_066458A0
                              Source: C:\Windows\SysWOW64\rundll32.exe Code function: 5_3_06645952 push es; ret 5_3_06645960
                              Source: C:\Windows\SysWOW64\rundll32.exe Code function: 5_3_06645932 push es; ret 5_3_06645940
                              Source: C:\Windows\SysWOW64\rundll32.exe Code function: 5_3_067284A1 push es; ret 5_3_067284B0
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 13_2_00007FF848AA09F8 push ecx; retn F8A7h 13_2_00007FF848AA0A0C
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 13_2_00007FF848AA00BD pushad ; iretd 13_2_00007FF848AA00C1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 14_2_00007FF848AA0AE4 pushad ; ret 14_2_00007FF848AA0AF1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 14_2_00007FF848A809F8 push ecx; retn F8A7h 14_2_00007FF848A80A0C
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 14_2_00007FF848A9CE09 push ebx; retf 14_2_00007FF848A9CE0A
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 14_2_00007FF848A800BD pushad ; iretd 14_2_00007FF848A800C1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 14_2_00007FF848A9E257 push ebx; iretd 14_2_00007FF848A9E25A
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 14_2_00007FF848C90F64 push eax; ret 14_2_00007FF848C90F94
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 19_2_00007FF848A800BD pushad ; iretd 19_2_00007FF848A800C1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 22_2_00007FF848A600BD pushad ; iretd 22_2_00007FF848A600C1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 24_2_00007FF848AB5587 push ebp; iretd 24_2_00007FF848AB55D8
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 24_2_00007FF848AA00BD pushad ; iretd 24_2_00007FF848AA00C1

                              Persistence and Installation Behavior

                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BA74182F76F15A9CF514DEF352303C95
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BA74182F76F15A9CF514DEF352303C95
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1A374813EDB1A6631387E414D3E73232
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1A374813EDB1A6631387E414D3E73232
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIE3EF.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI1EAC.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1EAC.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI1EAC.tmp-\System.Management.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIE1AC.tmp-\System.Management.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE3EF.tmp
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE1AC.tmp
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIE1AC.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFDA2.tmp-\System.Management.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI17E.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFDA2.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI1EAC.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFDA2.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIE3EF.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI74.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFDA2.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIE1AC.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIE1AC.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIE3EF.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFDA2.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIE3EF.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI1EAC.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\InstallUtil.InstallLog
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
                              Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key value created or modified: HKEY_USERS.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
                              Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\System32\msiexec.exe Process information set: NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess information set: NOOPENFILEERRORBOX

                              Malware Analysis System Evasion

                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 1A381800000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 1A3999D0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMemory allocated: 1DD52840000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMemory allocated: 1DD6AE30000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeMemory allocated: 1C7174C0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeMemory allocated: 1C72FBB0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeMemory allocated: 281D8B70000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeMemory allocated: 281F1150000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeMemory allocated: 1A0DAC30000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeMemory allocated: 1A0F3120000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Thread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWindow / User API: threadDelayed 6227
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWindow / User API: threadDelayed 3396
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIE3EF.tmp-\Newtonsoft.Json.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1EAC.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1EAC.tmpJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1EAC.tmp-\System.Management.dllJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIE1AC.tmp-\System.Management.dllJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dllJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIE3EF.tmpJump to dropped file
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dllJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIE1AC.tmpJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIE1AC.tmp-\Newtonsoft.Json.dllJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dllJump to dropped file
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dllJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIFDA2.tmp-\System.Management.dllJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI17E.tmpJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIFDA2.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI5.tmpJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1EAC.tmp-\Newtonsoft.Json.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIFDA2.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIE3EF.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIFDA2.tmpJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dllJump to dropped file
                              Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI74.tmpJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIE1AC.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIE1AC.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIE3EF.tmp-\System.Management.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIFDA2.tmp-\Newtonsoft.Json.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIE3EF.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1EAC.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                              Source: C:\Windows\SysWOW64\rundll32.exe TID: 6688 Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 2072 Thread sleep time: -60000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 6536 Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 1504Thread sleep count: 6227 > 30
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 1504Thread sleep count: 3396 > 30
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7340Thread sleep count: 31 > 30
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7340Thread sleep time: -28592453314249787s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7340Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7388Thread sleep count: 47 > 30
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7388Thread sleep time: -470000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7408Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 7384Thread sleep time: -180000s >= -30000s
                              Source: C:\Windows\SysWOW64\rundll32.exe TID: 7428Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7684Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7660Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 8060Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 8028Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6508Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 4072Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 30000
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 90000
                              Source: AgentPackageAgentInformation.exe.14.drBinary or memory string: VIRUSfighterAVMware Carbon Black Cloud Sensor7VMware Carbon Black Defense/VMware Carbon Black EDR9VMware Carbon Black Response
                              Source: AgentPackageAgentInformation.exe, 00000016.00000002.2890146542.00000281D8FF9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll,,I
                              Source: AteraAgent.exe, 0000000D.00000002.2191832938.000001A39A32A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2191832938.000001A39A240000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3306452994.000001DD6B530000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3307775502.000001DD6BA28000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3308592482.000001DD6BABC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                              Source: AteraAgent.exe, 0000000D.00000002.2191832938.000001A39A2C3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`
                              Source: rundll32.exe, 00000012.00000002.2266567631.000000000277B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2265606701.0000000002779000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2406499344.000001C730411000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.3044452559.000001A0F39E3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                              Source: rundll32.exe, 00000005.00000002.2111029164.0000000002828000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2109746555.0000000002827000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllvv
                              Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess token adjusted: Debug
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess token adjusted: Debug
                              Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: page read and write | page guard
                              Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="comunicado@gestorempresas.digital" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q3000006YrPqIAK" /AgentId="036a7bb6-e9ab-4003-820d-512fa1b48707"Jump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                              Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
                              Source: C:\Windows\SysWOW64\net.exe Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 036a7bb6-e9ab-4003-820d-512fa1b48707 "947f5ffd-2187-4fed-88a8-f6375fd81e42" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q3000006YrPqIAK
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 036a7bb6-e9ab-4003-820d-512fa1b48707 "d33bc958-4922-4182-b68f-3483e8de9f0d" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q3000006YrPqIAK
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 036a7bb6-e9ab-4003-820d-512fa1b48707 "74b28cea-d314-412b-b1ac-0c6c5fd129c1" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q3000006YrPqIAK
                              Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "c:\program files (x86)\atera networks\ateraagent\ateraagent.exe" /i /integratorlogin="comunicado@gestorempresas.digital" /companyid="1" /integratorloginui="" /companyidui="" /folderid="" /accountid="001q3000006yrpqiak" /agentid="036a7bb6-e9ab-4003-820d-512fa1b48707"
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 036a7bb6-e9ab-4003-820d-512fa1b48707 "947f5ffd-2187-4fed-88a8-f6375fd81e42" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q3000006yrpqiak
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 036a7bb6-e9ab-4003-820d-512fa1b48707 "d33bc958-4922-4182-b68f-3483e8de9f0d" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q3000006yrpqiak
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 036a7bb6-e9ab-4003-820d-512fa1b48707 "74b28cea-d314-412b-b1ac-0c6c5fd129c1" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q3000006yrpqiak
                              Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "c:\program files (x86)\atera networks\ateraagent\ateraagent.exe" /i /integratorlogin="comunicado@gestorempresas.digital" /companyid="1" /integratorloginui="" /companyidui="" /folderid="" /accountid="001q3000006yrpqiak" /agentid="036a7bb6-e9ab-4003-820d-512fa1b48707"Jump to behavior
                              Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSIE1AC.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSIE1AC.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSIE3EF.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSIE3EF.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSIE3EF.tmp-\Newtonsoft.Json.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSIFDA2.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSIFDA2.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSI1EAC.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSI1EAC.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe; Queries volume information: C:\Windows\Installer\MSI1EAC.tmp-\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe; Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe; Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe; Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe; Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob

                              Remote Access Functionality

Source: Yara match; File source: 19.2.AgentPackageAgentInformation.exe.1c717520000.1.unpack, type: UNPACKEDPE
Source: Yara match; File source: 13.0.AteraAgent.exe.1a3ff0a0000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 19.0.AgentPackageAgentInformation.exe.1c717170000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: Process Memory Space: rundll32.exe PID: 5032, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: rundll32.exe PID: 5020, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: rundll32.exe PID: 5548, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: AteraAgent.exe PID: 6204, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: AteraAgent.exe PID: 6220, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: rundll32.exe PID: 7252, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 7604, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 7976, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 8156, type: MEMORYSTR
Source: Yara match; File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog, type: DROPPED
Source: Yara match; File source: C:\Windows\Temp\~DFC62927D95770B6A7.TMP, type: DROPPED
Source: Yara match; File source: C:\Windows\Temp\~DF249BEF134D41FAF6.TMP, type: DROPPED
Source: Yara match; File source: C:\Windows\Temp\~DF4CDBAE97BB9B291A.TMP, type: DROPPED
Source: Yara match; File source: C:\Config.Msi\47e055.rbs, type: DROPPED
Source: Yara match; File source: C:\Windows\Installer\MSIE3EF.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match; File source: C:\Windows\Installer\MSIFDA2.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match; File source: C:\Windows\System32\InstallUtil.InstallLog, type: DROPPED
Source: Yara match; File source: C:\Windows\Installer\MSI1EAC.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match; File source: C:\Windows\Installer\inprogressinstallinfo.ipi, type: DROPPED
Source: Yara match; File source: C:\Windows\Installer\MSIFFF5.tmp, type: DROPPED
Source: Yara match; File source: C:\Windows\Temp\~DF6E1821419CBD92E5.TMP, type: DROPPED
Source: Yara match; File source: C:\Windows\Installer\MSIE1AC.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match; File source: C:\Windows\Temp\~DF7D6DF77431214178.TMP, type: DROPPED
Source: Yara match; File source: C:\Windows\Temp\~DF809BDB3C3038939A.TMP, type: DROPPED
Source: Yara match; File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll, type: DROPPED
Source: Yara match; File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, type: DROPPED
Source: Yara match; File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 21 Disable or Modify Tools | OS Credential Dumping | 11 Peripheral Device Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | 21 Windows Service | 21 Windows Service | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 11 Service Execution | Logon Script (Windows) | 11 Process Injection | 21 Obfuscated Files or Information | Security Account Manager | 24 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Timestomp | NTDS | 1 Query Registry | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 211 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 File Deletion | Cached Domain Credentials | 1 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 122 Masquerading | DCSync | 141 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Modify Registry | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 141 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 11 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
| Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 1 Rundll32 | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
[Behavior graph. Behavior Graph ID: 1561812; Sample: ListaItensVistoriaCorpodeBo...; Startdate: 24/11/2024; Architecture: WINDOWS; Score: 88]

Source | Detection | Scanner | Label | Link
ListaItensVistoriaCorpodeBombeirosObrigatorio.msi | 26% | ReversingLabs | Win32.Trojan.Atera |

Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | 26% | ReversingLabs | Win32.Trojan.Atera |
C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSI17E.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSI1EAC.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSI1EAC.tmp-\AlphaControlAgentInstallation.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSI1EAC.tmp-\Microsoft.Deployment.WindowsInstaller.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSI1EAC.tmp-\Newtonsoft.Json.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSI1EAC.tmp-\System.Management.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSI5.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSI74.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIE1AC.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIE1AC.tmp-\AlphaControlAgentInstallation.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIE1AC.tmp-\Microsoft.Deployment.WindowsInstaller.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIE1AC.tmp-\Newtonsoft.Json.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIE1AC.tmp-\System.Management.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIE3EF.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIE3EF.tmp-\AlphaControlAgentInstallation.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIE3EF.tmp-\Microsoft.Deployment.WindowsInstaller.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIE3EF.tmp-\Newtonsoft.Json.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIE3EF.tmp-\System.Management.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIFDA2.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIFDA2.tmp-\AlphaControlAgentInstallation.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIFDA2.tmp-\Microsoft.Deployment.WindowsInstaller.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIFDA2.tmp-\Newtonsoft.Json.dll | 0% | ReversingLabs | |
C:\Windows\Installer\MSIFDA2.tmp-\System.Management.dll | 0% | ReversingLabs | |
                              No Antivirus matches
                              No Antivirus matches
Source | Detection | Scanner | Label | Link
http://cacerts.digicerZ | 0% | Avira URL Cloud | safe |
http://msdn.microsoft.K/ | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
ps.pndsn.com | 13.232.67.199 | true | false | | high
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high
d25btwd9wax8gu.cloudfront.net | 108.158.75.46 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high
ps.atera.com | unknown | unknown | false | | high
agent-api.atera.com | unknown | unknown | false | | high
                                                                                                                                                  high
                                                                                                                                                  https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=27575d4d-f049-4af3-98fd-29c9ab567af2AteraAgent.exe, 0000000E.00000002.3300930591.000001DD53091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://ps.atera.com/agentpackagesnet45/AgentPackageTaskScheduler/17.2/AgentPackageTaskScheduler.zipAteraAgent.exe, 0000000E.00000002.3300930591.000001DD52F31000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD5300E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52EB3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52EFC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52FC6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://ps.atera.com/agentpackagesnet45/AgentPackageTicketing/30.1/AgentPackageTicketing.zipAteraAgent.exe, 0000000E.00000002.3300930591.000001DD5300E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://agent-api.atera.comrundll32.exe, 00000004.00000003.2048777891.00000000045AE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2059724248.00000000041B7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2111430509.00000000042E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2111430509.0000000004384000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119989843.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52E31000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2267776351.0000000004534000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2267776351.0000000004491000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2204528451.000000000409F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.2405717306.000001C717C33000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2890703080.00000281D920F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.3043333128.000001A0DB1DF000.00000004.00000800.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.6.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://agent-api.atera.com/Production/Agent/AgentStartingAteraAgent.exe, 0000000E.00000002.3300930591.000001DD53496000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD5300E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52EBE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD53132000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://ps.pndsn.com/v2/subscribe/sub-c-a02AteraAgent.exe, 0000000E.00000002.3300930591.000001DD53091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://www.w3.ohAteraAgent.exe, 0000000D.00000002.2191000127.000001A381A99000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/036a7bb6AteraAgent.exe, 0000000E.00000002.3300930591.000001DD53132000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://agent-api.atera.com/Production/Agent/GetCommandsAteraAgent.exe, 0000000E.00000002.3300930591.000001DD5300E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD53091000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD53132000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/036a7bb6-e9ab-HAteraAgent.exe, 0000000E.00000002.3300930591.000001DD5300E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://agent-api.atera.com/rundll32.exe, 00000004.00000003.2048777891.00000000045AE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2059724248.00000000041B7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2111430509.00000000042E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2111430509.0000000004384000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119989843.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2267776351.0000000004534000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2267776351.0000000004491000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2204528451.000000000409F000.00000004.00000020.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.6.drfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://agent-api.atera.com/Production/Agent/GetRecurringPackagesAteraAgent.exe, 0000000E.00000002.3300930591.000001DD52EBE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD53091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://ps.atera.com/agentpackageswin/Agent.Package.Availability/13.0/Agent.Package.Availability.zipAteraAgent.exe, 0000000E.00000002.3300930591.000001DD52FC6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://www.newtonsoft.com/jsonschemaNewtonsoft.Json.dll.18.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://cacerts.digicerZAteraAgent.exe, 0000000E.00000002.3307775502.000001DD6BA28000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                                              unknown
                                                                                                                                                                              https://ps.atera.com/agentpackagesmac/AgentPackageRuntimeInstaller/1.5/AgentPackageRuntimeInstaller.AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52F31000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52EB3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52EFC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52FC6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://ps.atera.com/agentpackageswin/Agent.Package.Watchdog/13.0/Agent.Package.Watchdog.zipAteraAgent.exe, 0000000E.00000002.3300930591.000001DD52FC6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=fbc5619b-ff2b-4cc2-bf14-e4eb42ae8834AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52EBE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://ps.atera.com/agentpackagesnet45/Agent.Package.Availability/0.16/Agent.Package.Availability.zAteraAgent.exe, 0000000E.00000002.3300930591.000001DD5300E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52FC6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d564941f-31f4-4f1e-8cfa-ab39104c2c32AteraAgent.exe, 0000000E.00000002.3300930591.000001DD5300E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://ps.atera.com/agentpackagesnet45/AgentPackageUpgradeAgent/27.6/AgentPackageUpgradeAgent.zipAteraAgent.exe, 0000000E.00000002.3300930591.000001DD5300E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://ps.atera.com/agentpackagesmac/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zipAteraAgent.exe, 0000000E.00000002.3300930591.000001DD52EB3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52EFC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52FC6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://ps.atera.com/agentpackagesnet45/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zipAteraAgent.exe, 0000000E.00000002.3300930591.000001DD5300E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52EB3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52EFC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52FC6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://ps.atera.com/agentpackagesmac/Agent.Package.Watchdog/1.7/Agent.Package.Watchdog.zipAteraAgent.exe, 0000000E.00000002.3300930591.000001DD52FC6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=985e6a88-0b57-4d38-a817-216eb6ef36a4AteraAgent.exe, 0000000E.00000002.3300930591.000001DD5300E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://www.newtonsoft.com/jsonrundll32.exe, 00000004.00000003.2048777891.00000000045DF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2059724248.00000000041E8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119989843.0000000004B5D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2204528451.00000000040D0000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.18.drfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://agent-api.atera.com/Production/Agent/AgeAteraAgent.exe, 0000000E.00000002.3300930591.000001DD53496000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      http://wixtoolset.org/news/rundll32.exe, 00000004.00000003.2048777891.00000000045AE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2059724248.00000000041B7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2119989843.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000003.2204528451.000000000409F000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.6.dr, Microsoft.Deployment.WindowsInstaller.dll.18.drfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/036a7bb6-e9ab-4003-820dAteraAgent.exe, 0000000E.00000002.3300930591.000001DD53132000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=b1f9d30a-4d02-478f-8a1f-0bd9525f8618AteraAgent.exe, 0000000E.00000002.3300930591.000001DD53091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://ps.atera.com/agentpackageswin/AgentPackageAgentInformation/22.7/AgentPackageAgentInformationAteraAgent.exe, 0000000E.00000002.3300930591.000001DD52FCE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://ps.atera.com/agentpackagesnet45/AgentPackageOsUpdates/20.9/AgentPackageOsUpdates.zipAteraAgent.exe, 0000000E.00000002.3300930591.000001DD5300E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://agent-api.aterDrundll32.exe, 00000005.00000002.2111430509.0000000004384000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.2267776351.0000000004534000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://ps.atera.com/agentpackagesmac/AgentPackageNetworkDiscovery/13.0/AgentPackageNetworkDiscoveryAteraAgent.exe, 0000000E.00000002.3300930591.000001DD52F31000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52EB3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52EFC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://ps.atera.com/agentpackageswin/Agent.Package.IotPoc/13.0/Agent.Package.IotPoc.zipAteraAgent.exe, 0000000E.00000002.3300930591.000001DD52EB3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52EFC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52FC6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=198af10c-e838-4982-a564-e08a82a398e4AteraAgent.exe, 0000000E.00000002.3300930591.000001DD53132000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://ps.pndsn.com/vAteraAgent.exe, 0000000E.00000002.3300930591.000001DD52EED000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://agent-api.atera.com/Production/Agent/AcknowledgeCommandsAteraAgent.exe, 0000000E.00000002.3300930591.000001DD5300E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD53091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://ps.atera.com/agentpackagesmac/AgentPackageTaskScheduler/13.0/AgentPackageTaskScheduler.zipAteraAgent.exe, 0000000E.00000002.3300930591.000001DD52F31000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52EB3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52EFC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.3300930591.000001DD52FC6000.00000004.00000800.00020000.00000000.sdmpfalse
IP | Domain | Country | ASN | ASN Name | Malicious
13.232.67.199 | ps.pndsn.com | United States | 16509 | AMAZON-02US | false
108.158.75.46 | d25btwd9wax8gu.cloudfront.net | United States | 16509 | AMAZON-02US | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1561812
Start date and time: 2024-11-24 11:24:09 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 29s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 26
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: ListaItensVistoriaCorpodeBombeirosObrigatorio.msi
Detection: MAL
Classification: mal88.troj.spyw.evad.winMSI@37/84@11/2
EGA Information: Failed
HCA Information:
• Successful, ratio: 75%
• Number of executed functions: 388
• Number of non-executed functions: 2
                                                                                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                                                                                              • Found application associated with file extension: .msi
                                                                                                                                                                                                                                              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 40.119.152.241, 2.20.68.210, 2.20.68.201, 192.229.221.95, 199.232.214.172
                                                                                                                                                                                                                                              • Excluded domains from analysis (whitelisted): crl.edge.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, cacerts.digicert.com, agentsapi.trafficmanager.net, ctldl.windowsupdate.com, a767.dspw65.akamai.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ocsp.digicert.com, atera-agent-api-eu.westeurope.cloudapp.azure.com, ocsp.edge.digicert.com, crl3.digicert.com, crl4.digicert.com, wu-b-net.trafficmanager.net
                                                                                                                                                                                                                                              • Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 7604 because it is empty
                                                                                                                                                                                                                                              • Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 7976 because it is empty
                                                                                                                                                                                                                                              • Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 8156 because it is empty
                                                                                                                                                                                                                                              • Execution Graph export aborted for target AteraAgent.exe, PID 6204 because it is empty
                                                                                                                                                                                                                                              • Execution Graph export aborted for target AteraAgent.exe, PID 6220 because it is empty
                                                                                                                                                                                                                                              • Execution Graph export aborted for target rundll32.exe, PID 5020 because it is empty
                                                                                                                                                                                                                                              • Execution Graph export aborted for target rundll32.exe, PID 5032 because it is empty
                                                                                                                                                                                                                                              • Execution Graph export aborted for target rundll32.exe, PID 5548 because it is empty
                                                                                                                                                                                                                                              • Execution Graph export aborted for target rundll32.exe, PID 7252 because it is empty
                                                                                                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                                              • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                              • VT rate limit hit for: ListaItensVistoriaCorpodeBombeirosObrigatorio.msi
Time | Type | Description
05:25:06 | API Interceptor | 2x Sleep call for process: rundll32.exe modified
05:25:12 | API Interceptor | 1813979x Sleep call for process: AteraAgent.exe modified
05:25:36 | API Interceptor | 3x Sleep call for process: AgentPackageAgentInformation.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
13.232.67.199 | registration.msi | malicious | AteraAgent
13.232.67.199 | portal.msi | malicious | AteraAgent
13.232.67.199 | file_66efd0132ceed.msi | malicious | AteraAgent
13.232.67.199 | setup (1).msi | malicious | AteraAgent
108.158.75.46 | portal.msi | malicious | AteraAgent
108.158.75.46 | setup (1).msi | malicious | AteraAgent
Match | Associated Sample Name / URL | Detection | Threat Name | Context
ps.pndsn.com | registration.msi | malicious | AteraAgent | 13.232.67.198
ps.pndsn.com | portal.msi | malicious | AteraAgent | 13.232.67.199
ps.pndsn.com | Digital.msi | malicious | AteraAgent | 13.232.67.198
ps.pndsn.com | file_66efd0132ceed.msi | malicious | AteraAgent | 13.232.67.199
ps.pndsn.com | Guidelines_for_Citizen_Safety.msi | malicious | AteraAgent | 13.232.67.198
ps.pndsn.com | e0#U05ea.msi | malicious | AteraAgent | 13.232.67.198
ps.pndsn.com | ReceitaFederal-consulta-yFZMA-45896_v.3_35687.msi | malicious | AteraAgent | 13.232.67.198
ps.pndsn.com | BOMB-762.msi | malicious | AteraAgent | 35.157.63.227
ps.pndsn.com | 9rSeCZbjZE.msi | malicious | AteraAgent | 35.157.63.229
                                                                                                                                                                                                                                                          Guidelines_for_Citizen_Safety.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 35.157.63.229
                                                                                                                                                                                                                                                          bg.microsoft.map.fastly.netregistration.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 199.232.214.172
                                                                                                                                                                                                                                                          Digital.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 199.232.214.172
                                                                                                                                                                                                                                                          file_66efd0132ceed.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 199.232.214.172
                                                                                                                                                                                                                                                          Guidelines_for_Citizen_Safety.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 199.232.210.172
                                                                                                                                                                                                                                                          e0#U05ea.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 199.232.214.172
                                                                                                                                                                                                                                                          ReceitaFederal-consulta-yFZMA-45896_v.3_35687.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 199.232.214.172
                                                                                                                                                                                                                                                          zapret.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 199.232.214.172
                                                                                                                                                                                                                                                          canva.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 199.232.210.172
                                                                                                                                                                                                                                                          file.exeGet hashmaliciousJasonRATBrowse
                                                                                                                                                                                                                                                          • 199.232.210.172
                                                                                                                                                                                                                                                          4yOuoT4GFy.exeGet hashmaliciousAsyncRATBrowse
                                                                                                                                                                                                                                                          • 199.232.214.172
                                                                                                                                                                                                                                                          d25btwd9wax8gu.cloudfront.netregistration.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 108.158.75.12
                                                                                                                                                                                                                                                          portal.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 108.158.75.46
                                                                                                                                                                                                                                                          Digital.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 108.158.75.4
                                                                                                                                                                                                                                                          file_66efd0132ceed.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 108.158.75.93
                                                                                                                                                                                                                                                          Guidelines_for_Citizen_Safety.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 108.158.75.93
                                                                                                                                                                                                                                                          e0#U05ea.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 108.158.75.93
                                                                                                                                                                                                                                                          ReceitaFederal-consulta-yFZMA-45896_v.3_35687.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 108.158.75.12
                                                                                                                                                                                                                                                          BOMB-762.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 18.245.46.47
                                                                                                                                                                                                                                                          9rSeCZbjZE.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 13.35.58.104
                                                                                                                                                                                                                                                          Guidelines_for_Citizen_Safety.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 99.86.114.21
                                                                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                          AMAZON-02USregistration.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 108.158.75.12
                                                                                                                                                                                                                                                          portal.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 108.158.75.46
                                                                                                                                                                                                                                                          Digital.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 13.232.67.198
                                                                                                                                                                                                                                                          file_66efd0132ceed.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 13.232.67.199
                                                                                                                                                                                                                                                          Guidelines_for_Citizen_Safety.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 13.232.67.198
                                                                                                                                                                                                                                                          e0#U05ea.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 13.232.67.198
                                                                                                                                                                                                                                                          ReceitaFederal-consulta-yFZMA-45896_v.3_35687.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 108.158.75.12
                                                                                                                                                                                                                                                          zgp.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                          • 13.245.101.151
                                                                                                                                                                                                                                                          santi.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                          • 13.248.169.48
                                                                                                                                                                                                                                                          PAYROLL LIST.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                          • 13.248.169.48
                                                                                                                                                                                                                                                          AMAZON-02USregistration.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 108.158.75.12
                                                                                                                                                                                                                                                          portal.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 108.158.75.46
                                                                                                                                                                                                                                                          Digital.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 13.232.67.198
                                                                                                                                                                                                                                                          file_66efd0132ceed.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 13.232.67.199
                                                                                                                                                                                                                                                          Guidelines_for_Citizen_Safety.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 13.232.67.198
                                                                                                                                                                                                                                                          e0#U05ea.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 13.232.67.198
                                                                                                                                                                                                                                                          ReceitaFederal-consulta-yFZMA-45896_v.3_35687.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 108.158.75.12
                                                                                                                                                                                                                                                          zgp.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                          • 13.245.101.151
                                                                                                                                                                                                                                                          santi.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                          • 13.248.169.48
                                                                                                                                                                                                                                                          PAYROLL LIST.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                          • 13.248.169.48
                                                                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                          3b5074b1b5d032e5620f69f9f700ff0eregistration.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 108.158.75.46
                                                                                                                                                                                                                                                          • 13.232.67.199
                                                                                                                                                                                                                                                          portal.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 108.158.75.46
                                                                                                                                                                                                                                                          • 13.232.67.199
                                                                                                                                                                                                                                                          Digital.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 108.158.75.46
                                                                                                                                                                                                                                                          • 13.232.67.199
                                                                                                                                                                                                                                                          file_66efd0132ceed.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 108.158.75.46
                                                                                                                                                                                                                                                          • 13.232.67.199
                                                                                                                                                                                                                                                          Guidelines_for_Citizen_Safety.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                          • 108.158.75.46
                                                                                                                                                                                                                                                          • 13.232.67.199
Filename: e0#U05ea.msi, Detection: malicious, Threat Name: AteraAgent
• 108.158.75.46
• 13.232.67.199
Filename: ReceitaFederal-consulta-yFZMA-45896_v.3_35687.msi, Detection: malicious, Threat Name: AteraAgent
• 108.158.75.46
• 13.232.67.199
Filename: file.exe, Detection: malicious, Threat Name: AsyncRAT, XWorm
• 108.158.75.46
• 13.232.67.199
Filename: CargoInvoice_Outstanding_56789_2024-11-21.vbs, Detection: malicious, Threat Name: Remcos, GuLoader
• 108.158.75.46
• 13.232.67.199
Filename: ZEcVl5jzXD.exe, Detection: malicious, Threat Name: Snake Keylogger, VIP Keylogger
• 108.158.75.46
• 13.232.67.199
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll
• Filename: registration.msi, Detection: malicious, Threat Name: AteraAgent
• Filename: portal.msi, Detection: malicious, Threat Name: AteraAgent
• Filename: Digital.msi, Detection: malicious, Threat Name: AteraAgent
• Filename: file_66efd0132ceed.msi, Detection: malicious, Threat Name: AteraAgent
• Filename: Guidelines_for_Citizen_Safety.msi, Detection: malicious, Threat Name: AteraAgent
• Filename: e0#U05ea.msi, Detection: malicious, Threat Name: AteraAgent
• Filename: ReceitaFederal-consulta-yFZMA-45896_v.3_35687.msi, Detection: malicious, Threat Name: AteraAgent
• Filename: setup (1).msi, Detection: malicious, Threat Name: AteraAgent
• Filename: BOMB-762.msi, Detection: malicious, Threat Name: AteraAgent
• Filename: LaudoBombeirosPDF.msi, Detection: malicious, Threat Name: AteraAgent
Match: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
• Filename: registration.msi, Detection: malicious, Threat Name: AteraAgent
• Filename: portal.msi, Detection: malicious, Threat Name: AteraAgent
• Filename: Digital.msi, Detection: malicious, Threat Name: AteraAgent
• Filename: file_66efd0132ceed.msi, Detection: malicious, Threat Name: AteraAgent
• Filename: Guidelines_for_Citizen_Safety.msi, Detection: malicious, Threat Name: AteraAgent
• Filename: e0#U05ea.msi, Detection: malicious, Threat Name: AteraAgent
• Filename: ReceitaFederal-consulta-yFZMA-45896_v.3_35687.msi, Detection: malicious, Threat Name: AteraAgent
• Filename: setup (1).msi, Detection: malicious, Threat Name: AteraAgent
• Filename: BOMB-762.msi, Detection: malicious, Threat Name: AteraAgent
• Filename: LaudoBombeirosPDF.msi, Detection: malicious, Threat Name: AteraAgent
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):8887
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.655000708571265
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:192:/jlxz1ccbTOOeMeo+61R7r6IHfR7r6kAVv70HVotBVeZEmzmYpLAV77b0pY9Xr:/xD28ZpZtiB2ir
                                                                                                                                                                                                                                                                                                  MD5:649BE147804441C8DE1F3C56FEAD3C22
                                                                                                                                                                                                                                                                                                  SHA1:84AE70E48E8345B9BE3F18E524210242328FF841
                                                                                                                                                                                                                                                                                                  SHA-256:762C7101E417BAEF8D7768A79B3716C5D166D44947372272171C69735F6A8B7E
                                                                                                                                                                                                                                                                                                  SHA-512:98FED977E3AA9A4CB358DB8840C423B64954FA725913C9E7B9C77D417220AF4BCE0AA5FA254D3BB1C078900A2436B00510E4CF37821F476EA9F106842D6EA4BD
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Config.Msi\47e055.rbs, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Preview:...@IXOS.@.....@%+xY.@.....@.....@.....@.....@.....@......&.{E732A0D7-A2F2-4657-AC41-B19742648E45}..AteraAgent1.ListaItensVistoriaCorpodeBombeirosObrigatorio.msi.@.....@.....@.....@........&.{721AD955-79FD-4019-BBF5-9DCC4C1175BB}.....@.....@.....@.....@.......@.....@.....@.......@......AteraAgent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....StopAteraServiceQuiet....KillAteraTaskQuiet....ProcessComponents..Updating component registration..&.{F7DFE9BA-9FAD-11DA-9578-00E08161165F}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{C8C868DC-3A5E-4180-A7BB-03D6282966CB}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{0EC8B23C-C723-41E1-9105-4B9C2CDAD47A}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{F1B1B9D1-F1B0-420C-9D93-F04E9BD4795D}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{5F95F700-DCA4-4880-B2D2-891AE0D6E1A3}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{F62C52BA-15C7-4C3D-AAB2-DE65004F9665}&.{E732A0D7-A2F2-4657-AC41-B
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):753
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.853078320826549
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:qLLYem7haYNem7hcomf3em7hUQLtygXnC9xkKxeCsx/Yem7haYNem7hcomf3em7B:qLUVhzVhM3VhdLtXXIxkKxeCsOVhzVhY
                                                                                                                                                                                                                                                                                                  MD5:8298451E4DEE214334DD2E22B8996BDC
                                                                                                                                                                                                                                                                                                  SHA1:BC429029CC6B42C59C417773EA5DF8AE54DBB971
                                                                                                                                                                                                                                                                                                  SHA-256:6FBF5845A6738E2DC2AA67DD5F78DA2C8F8CB41D866BBBA10E5336787C731B25
                                                                                                                                                                                                                                                                                                  SHA-512:CDA4FFD7D6C6DFF90521C6A67A3DBA27BF172CC87CEE2986AE46DCCD02F771D7E784DCAD8AEA0AD10DECF46A1C8AE1041C184206EC2796E54756E49B9217D7BA
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Preview:.Installing assembly 'C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.. logfile = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog..Installing service AteraAgent.....Service AteraAgent has been successfully installed...Creating EventLog source AteraAgent in log Application.....Committing assembly 'C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.. logfile = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (7463), with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):7466
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.1606801095705865
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:96:R3DrP/zatgCnNjn1x62muDr9aHmzcv/65m7JDcm0BefnanGEkn56vT4ZvR++JDr+:NexdYX7OSRjXsaA0Ndhi
                                                                                                                                                                                                                                                                                                  MD5:362CE475F5D1E84641BAD999C16727A0
                                                                                                                                                                                                                                                                                                  SHA1:6B613C73ACB58D259C6379BD820CCA6F785CC812
                                                                                                                                                                                                                                                                                                  SHA-256:1F78F1056761C6EBD8965ED2C06295BAFA704B253AFF56C492B93151AB642899
                                                                                                                                                                                                                                                                                                  SHA-512:7630E1629CF4ABECD9D3DDEA58227B232D5C775CB480967762A6A6466BE872E1D57123B08A6179FE1CFBC09403117D0F81BC13724F259A1D25C1325F1EAC645B
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?><ArrayOfKeyValueOfanyTypeanyType xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns:x="http://www.w3.org/2001/XMLSchema" z:Id="1" z:Type="System.Collections.Hashtable" z:Assembly="0" xmlns:z="http://schemas.microsoft.com/2003/10/Serialization/" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><LoadFactor z:Id="2" z:Type="System.Single" z:Assembly="0" xmlns="">0.72</LoadFactor><Version z:Id="3" z:Type="System.Int32" z:Assembly="0" xmlns="">2</Version><Comparer i:nil="true" xmlns="" /><HashCodeProvider i:nil="true" xmlns="" /><HashSize z:Id="4" z:Type="System.Int32" z:Assembly="0" xmlns="">3</HashSize><Keys z:Id="5" z:Type="System.Object[]" z:Assembly="0" z:Size="2" xmlns=""><anyType z:Id="6" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays">_reserved_nestedSavedStates</anyType><anyType z:Id="7" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/20
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):145968
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.874150428357998
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:bk/SImWggsVz8TzihTmmrG/GOXYsqRK3ybTXzpUTQM9/FMp:ISWB/YrRK3yb37
                                                                                                                                                                                                                                                                                                  MD5:477293F80461713D51A98A24023D45E8
                                                                                                                                                                                                                                                                                                  SHA1:E9AA4E6C514EE951665A7CD6F0B4A4C49146241D
                                                                                                                                                                                                                                                                                                  SHA-256:A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2
                                                                                                                                                                                                                                                                                                  SHA-512:23F3BD44A5FB66BE7FEA3F7D6440742B657E4050B565C1F8F4684722502D46B68C9E54DCC2486E7DE441482FCC6AA4AD54E94B1D73992EB5D070E2A17F35DE2F
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 26%
                                                                                                                                                                                                                                                                                                  Joe Sandbox View:
• Filename: registration.msi, Detection: malicious
• Filename: portal.msi, Detection: malicious
• Filename: Digital.msi, Detection: malicious
• Filename: file_66efd0132ceed.msi, Detection: malicious
• Filename: Guidelines_for_Citizen_Safety.msi, Detection: malicious
• Filename: e0#U05ea.msi, Detection: malicious
• Filename: ReceitaFederal-consulta-yFZMA-45896_v.3_35687.msi, Detection: malicious
• Filename: setup (1).msi, Detection: malicious
• Filename: BOMB-762.msi, Detection: malicious
• Filename: LaudoBombeirosPDF.msi, Detection: malicious
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1442
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.076953226383825
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:JdfrdB2nk3Jc3J4YH33Jy34OqsJ+J4YHKJy34OOAPF7NhOXrRH2/d9r:3frf2nKS4YHJyILsJ+J4YHKJyIv47O7w
                                                                                                                                                                                                                                                                                                  MD5:B3BB71F9BB4DE4236C26578A8FAE2DCD
                                                                                                                                                                                                                                                                                                  SHA1:1AD6A034CCFDCE5E3A3CED93068AA216BD0C6E0E
                                                                                                                                                                                                                                                                                                  SHA-256:E505B08308622AD12D98E1C7A07E5DC619A2A00BCD4A5CBE04FE8B078BCF94A2
                                                                                                                                                                                                                                                                                                  SHA-512:FB6A46708D048A8F964839A514315B9C76659C8E1AB2CD8C5C5D8F312AA4FB628AB3CE5D23A793C41C13A2AA6A95106A47964DAD72A5ECB8D035106FC5B7BA71
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /></startup>.... <appSettings>.. .. .. .. <add key="ClientSettingsProvider.ServiceUri" value="" />.. </appSettings>.. .. .. <system.web>.. <membership defaultProvider="ClientAuthenticationMembershipProvider">.. <providers>.. <add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />.. </providers>.. </membership>.. <roleManager defaultProvider="ClientRoleProvider" enabled="true">.. <providers>.. <add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cacheTimeout="86
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):3318832
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.534876879948643
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:49152:yIBbo0WIgmjljFtXCdRLRBcJd+KaGxHIkMNqzP56O8lZ7qXUqi9p:DBbBWIgWljGxRB/LLp
                                                                                                                                                                                                                                                                                                  MD5:11CC798BAFA45BE12D27C68D6B59BA27
                                                                                                                                                                                                                                                                                                  SHA1:4D1CA0C0F1BC3691F5F852CC8D3ED88605B70434
                                                                                                                                                                                                                                                                                                  SHA-256:443A1C088E62810A954FFE9F0136F7A8D5E44928425D23B5284D936270D9837A
                                                                                                                                                                                                                                                                                                  SHA-512:FA0AEAF5309FD1593DB8AF774F18AA9CDA9B7ABD3F32D34CFD1B615EE68CECA0155DFB0AB7351E182B1B9D872BF41B19E66D2B597D2BA6300AF332A0F525C75A
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Joe Sandbox View:
• Filename: registration.msi, Detection: malicious
• Filename: portal.msi, Detection: malicious
• Filename: Digital.msi, Detection: malicious
• Filename: file_66efd0132ceed.msi, Detection: malicious
• Filename: Guidelines_for_Citizen_Safety.msi, Detection: malicious
• Filename: e0#U05ea.msi, Detection: malicious
• Filename: ReceitaFederal-consulta-yFZMA-45896_v.3_35687.msi, Detection: malicious
• Filename: setup (1).msi, Detection: malicious
• Filename: BOMB-762.msi, Detection: malicious
• Filename: LaudoBombeirosPDF.msi, Detection: malicious
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):215088
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.030864151731967
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:r1uYsjrFIzmuxpOI/1MvCdRbpSISC8j7s/k:mIzm6pOIgvr7ok
                                                                                                                                                                                                                                                                                                  MD5:C106DF1B5B43AF3B937ACE19D92B42F3
                                                                                                                                                                                                                                                                                                  SHA1:7670FC4B6369E3FB705200050618ACAA5213637F
                                                                                                                                                                                                                                                                                                  SHA-256:2B5B7A2AFBC88A4F674E1D7836119B57E65FAE6863F4BE6832C38E08341F2D68
                                                                                                                                                                                                                                                                                                  SHA-512:616E45E1F15486787418A2B2B8ECA50CACAC6145D353FF66BF2C13839CD3DB6592953BF6FEED1469DB7DDF2F223416D5651CD013FB32F64DC6C72561AB2449AE
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):710192
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.96048066969898
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:3BARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTUU:3BA/ZTvQD0XY0AJBSjRlXP36RMGV
                                                                                                                                                                                                                                                                                                  MD5:2C4D25B7FBD1ADFD4471052FA482AF72
                                                                                                                                                                                                                                                                                                  SHA1:FD6CD773D241B581E3C856F9E6CD06CB31A01407
                                                                                                                                                                                                                                                                                                  SHA-256:2A7A84768CC09A15362878B270371DAAD9872CAACBBEEBE7F30C4A7ED6C03CA7
                                                                                                                                                                                                                                                                                                  SHA-512:F7F94EC00435466DB2FB535A490162B906D60A3CFA531A36C4C552183D62D58CCC9A6BB8BBFE39815844B0C3A861D3E1F1178E29DBCB6C09FA2E6EBBB7AB943A
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):384542
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.999374626035649
                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:viqRTU5exRWDCtTLvL0XRFJE9A+BQlv9I+NBsNQvaNXvhGf1mzVeUXJLo:vil/DSLvAJ6CxBHmJXVpJLo
                                                                                                                                                                                                                                                                                                  MD5:4A09A87D2004DAC4B00687E9C9F15036
                                                                                                                                                                                                                                                                                                  SHA1:C78BB288E7A96642093ABE44CB9B7BBD3EC447BA
                                                                                                                                                                                                                                                                                                  SHA-256:2DBC8CF2592604C09793CBED61E0B072B1B1FFA375FB3C9ABCA83FA0E18AB9A5
                                                                                                                                                                                                                                                                                                  SHA-512:F555F5A0BB80514BC71BB33A77620D28A9E6715E538372AAA7F0500BC8D5BFE8511F5CA982E15304422479FF693E6F38510D6616A94580FC1B105DD2DA605EAA
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):177704
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.814572246989157
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:2DpvOyLSson7aezB53Pbsk4GJCMA1TSuAehuZ7f2lz8/Cvolc3a:2D4y07asBx4krGSegZX3
                                                                                                                                                                                                                                                                                                  MD5:FD9DF72620BCA7C4D48BC105C89DFFD2
                                                                                                                                                                                                                                                                                                  SHA1:2E537E504704670B52CE775943F14BFBAF175C1B
                                                                                                                                                                                                                                                                                                  SHA-256:847D0CD49CCE4975BAFDEB67295ED7D2A3B059661560CA5E222544E9DFC5E760
                                                                                                                                                                                                                                                                                                  SHA-512:47228CBDBA54CD4E747DBA152FEB76A42BFC6CD781054998A249B62DD0426C5E26854CE87B6373F213B4E538A62C08A89A488E719E2E763B7B968E77FBF4FC02
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):546
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.048902065665432
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:MMHdG3VSQg9LNFF7ap+5v5OXrRf/2//FicYo4xm:JdASPF7NhOXrRH2/d9r
                                                                                                                                                                                                                                                                                                  MD5:158FB7D9323C6CE69D4FCE11486A40A1
                                                                                                                                                                                                                                                                                                  SHA1:29AB26F5728F6BA6F0E5636BF47149BD9851F532
                                                                                                                                                                                                                                                                                                  SHA-256:5E38EF232F42F9B0474F8CE937A478200F7A8926B90E45CB375FFDA339EC3C21
                                                                                                                                                                                                                                                                                                  SHA-512:7EEFCC5E65AB4110655E71BC282587E88242C15292D9C670885F0DAAE30FA19A4B059390EB8E934607B8B14105E3E25D7C5C1B926B6F93BDD40CBD284AAA3CEB
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>...<supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):12
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.584962500721156
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:WhWbn:WCn
                                                                                                                                                                                                                                                                                                  MD5:EB053699FC80499A7185F6D5F7D55BFE
                                                                                                                                                                                                                                                                                                  SHA1:9700472D22B1995C320507917FA35088AE4E5F05
                                                                                                                                                                                                                                                                                                  SHA-256:BCE3DFDCA8F0B57846E914D497F4BB262E3275F05EA761D0B4F4B778974E6967
                                                                                                                                                                                                                                                                                                  SHA-512:D66FA39C69D9C6448518CB9F98CBDAD4CE5E93CEEF8D20CE0DEEF91FB3E512B5D5A9458F7B8A53D4B68D693107872C5445E99F87C948878F712F8A79BC761DBF
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:version=38.0
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):96808
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.1799972918389185
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:UJt7dqUlizL21LDdeOKTfLz2L506wFj/XxFoKjhJG/50vks00UfgfgvO1762A:UQUm2H5KTfOLgxFJjE50vksVUfPvO1W
                                                                                                                                                                                                                                                                                                  MD5:E2A9291940753244C88CB68D28612996
                                                                                                                                                                                                                                                                                                  SHA1:BAD8529A85C32E5C26C907CFB2FB0DA8461407AE
                                                                                                                                                                                                                                                                                                  SHA-256:6565E67D5DB582B3DE0B266EB59A8ACEC7CDF9943C020CB6879833D8BD784378
                                                                                                                                                                                                                                                                                                  SHA-512:F07669A3939E3E6B5A4D90C3A5B09CA2448E8E43AF23C08F7A8621817A49F7B0F5956D0539333A6DF334CC3E517255242E572EAEF02A7BBF4BC141A438BF9EB9
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):704552
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.953959038895453
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:/9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3i:/8m657w6ZBLmkitKqBCjC0PDgM5y
                                                                                                                                                                                                                                                                                                  MD5:3EF8D12AA1D48DEC3AC19A0CEABD4FD8
                                                                                                                                                                                                                                                                                                  SHA1:C81B7229A9BD55185A0EDCCB7E6DF3B8E25791CF
                                                                                                                                                                                                                                                                                                  SHA-256:18C1DDBDBF47370CC85FA2CF7BA043711AB3EADBD8DA367638686DFD6B735C85
                                                                                                                                                                                                                                                                                                  SHA-512:0FF2E8DBFEF7164B22F9AE9865E83154096971C3F0B236D988AB947E803C1ED03D86529AB80D2BE9FF33AF305D34C9B30082F8C26E575F0979CA9287B415F9F9
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):602672
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.145404526272746
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6144:UShQrHBJEwJiIJJ8TihsEWdzs29glRleqn4uRTJgwhVHhoNw0r17K7DDaiC3KM+9:gHDxJGihsEKwSuTuwvOWgFA
                                                                                                                                                                                                                                                                                                  MD5:17D74C03B6BCBCD88B46FCC58FC79A0D
                                                                                                                                                                                                                                                                                                  SHA1:BC0316E11C119806907C058D62513EB8CE32288C
                                                                                                                                                                                                                                                                                                  SHA-256:13774CC16C1254752EA801538BFB9A9D1328F8B4DD3FF41760AC492A245FBB15
                                                                                                                                                                                                                                                                                                  SHA-512:F1457A8596A4D4F9B98A7DCB79F79885FA28BD7FC09A606AD3CD6F37D732EC7E334A64458E51E65D839DDFCDF20B8B5676267AA8CED0080E8CF81A1B2291F030
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):73264
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.954475034553661
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:6784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaAR7HxRq:67N1r9KGI04CCARLq
                                                                                                                                                                                                                                                                                                  MD5:F4D9D65581BD82AF6108CFA3DD265A9A
                                                                                                                                                                                                                                                                                                  SHA1:A926695B1E5D3842D8345C56C087E58845307A16
                                                                                                                                                                                                                                                                                                  SHA-256:A3219CD30420EBCF7507C9C9F92FD551AE19999BE247CAA861A8A22D265BE379
                                                                                                                                                                                                                                                                                                  SHA-512:144C1195A440907592B22FC947F4284CA36869BDAE495EC8CA5212AF4F63E8E8492FB0EC3B37BF66DB912AF30864C69588D0E35ED9B3D24D36DF3B09DDB5B6C3
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):224
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.183612402980689
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:A0KQLHIANgVCMi+919wqWluiKFHnFSLRg42VVeUUFbm00Su0rVtySVSkNMVzfGvp:AkLSCM1919w3pKFSQaR0krVtylkwUDX
                                                                                                                                                                                                                                                                                                  MD5:93D913E094B4489AA4CFE5B6EC2B5A0B
                                                                                                                                                                                                                                                                                                  SHA1:7D28CDB5EFC293C6BFF9925510EDB1A24E6A4297
                                                                                                                                                                                                                                                                                                  SHA-256:D220353E68C8AE5EAB9F9D9542C7EF67A5460AE5554FD7797E6E4BDA2C722BD1
                                                                                                                                                                                                                                                                                                  SHA-512:0431A2968DB208E338880E3EB746DAFB50E02C420A16B6CD7071679675E65CFE572767EE5F312BD2BF9ACD658889AA23CEE4400F6254436807C1F7C026D70D0A
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:/i /IntegratorLogin=comunicado@gestorempresas.digital /CompanyId=1 /IntegratorLoginUI= /CompanyIdUI= /FolderId= /AccountId=001Q3000006YrPqIAK /AgentId=036a7bb6-e9ab-4003-820d-512fa1b48707.24/11/2024 05:25:14 Trace Starting..
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2402
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.362731083469072
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:MxHKQg8mHDp684IHTQ06YHKGSI6oPtHTHhAHKKk+HKlT4v1qHGIs0HKaHKmTHlH7:iqzCIzQ06YqGSI6oPtzHeqKk+qZ4vwme
                                                                                                                                                                                                                                                                                                  MD5:28B4BFE9130A35038BD57B2F89847BAE
                                                                                                                                                                                                                                                                                                  SHA1:8DBF9D2800AB08CCA18B4BA00549513282B774A9
                                                                                                                                                                                                                                                                                                  SHA-256:19F498CAE589207075B8C82D7DACEAE23997D61B93A971A4F049DC14C8A3D514
                                                                                                                                                                                                                                                                                                  SHA-512:02100FD4059C4D32FBAAA9CEAACB14C50A4359E4217203B2F7A40E298AD819ED5469F2442291F12852527A2B7109CC5F7BFF7FDAD53BA5ABF75FC5F0474E984F
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.ServiceProcess, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv759bfb78#\e2ca4e2ddffdc0d0bda3f2ca65249790\System.ServiceProcess.ni.dll",0..3,"System.Configuration.Install, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Confe64a9051#\434f871c532673e1359654ad68a1c225\System.Configuration.Install.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\a
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):651
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.343677015075984
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhaOK9eDLI4MNJK9P/JNTK9yiv:ML9E4KlKDE4KhKiKhPKIE4oKNzKoM
                                                                                                                                                                                                                                                                                                  MD5:7EEF860682F76EC7D541A8C1A3494E3D
                                                                                                                                                                                                                                                                                                  SHA1:58D759A845D2D961A5430E429EF777E60C48C87E
                                                                                                                                                                                                                                                                                                  SHA-256:65E958955AC5DBB7D7AD573EB4BB36BFF4A1DC52DD16CF79A5F7A0FA347727F1
                                                                                                                                                                                                                                                                                                  SHA-512:BF7767D55F624B8404240953A726AA616D0CE60EC1B3027710B919D6838EFF7281A79B49B22AB8B065D8CA921EF4D09017A0991CB4A21DAF09B3B43E6698CB04
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):2994176
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.8786797529497665
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:49152:B+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:B+lUlz9FKbsodq0YaH7ZPxMb8tT
                                                                                                                                                                                                                                                                                                  MD5:8A685B955BED68D969DDEA75D5CE51BF
                                                                                                                                                                                                                                                                                                  SHA1:2C66035DDA36813B6D139C228148CE3A7FACA9C2
                                                                                                                                                                                                                                                                                                  SHA-256:1484770B005CEF914A0710B85D2C57AD96C1C48ABBEB0F3C4055B19C1299D12E
                                                                                                                                                                                                                                                                                                  SHA-512:A9C50D981E62D7DA7A7926265B16213CB990E203ECCB46F2D2F9DF0C20FDBB792099A36359B845A9073E19FC8FDB6318D9E3DA812CBC6160BE41B7CAA72A91E5
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):216496
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                                                                                  MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                                                                                  SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                                                                                  SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                                                                                  SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                  Size (bytes):521954
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                                  MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                                  SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                                  SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                                  SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):25600
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                                  MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                                  SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                                  SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                                  SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSI1EAC.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1538
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                                  MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                                  SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                                  SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                                  SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):184240
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                                  MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                                  SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                                  SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                                  SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):711952
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                                  MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                                  SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                                  SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                                  SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):61448
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                                  MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                                  SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                                  SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                                  SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):216496
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                                                                                  MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                                                                                  SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                                                                                  SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                                                                                  SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):216496
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                                                                                  MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                                                                                  SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                                                                                  SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                                                                                  SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):521954
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                                  MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                                  SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                                  SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                                  SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):25600
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                                  MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                                  SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                                  SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                                  SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIE1AC.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1538
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                                  MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                                  SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                                  SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                                  SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):184240
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                                  MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                                  SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                                  SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                                  SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):711952
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                                  MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                                  SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                                  SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                                  SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):61448
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                                  MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                                  SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                                  SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                                  SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):521954
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                                  MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                                  SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                                  SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                                  SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):25600
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                                  MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                                  SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                                  SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                                  SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIE3EF.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1538
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                                  MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                                  SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                                  SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                                  SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):184240
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                                  MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                                  SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                                  SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                                  SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):711952
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                                  MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                                  SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                                  SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                                  SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):61448
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                                  MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                                  SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                                  SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                                  SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):521954
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                                  MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                                  SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                                  SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                                  SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):25600
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                                  MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                                  SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                                  SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                                  SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIFDA2.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1538
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                                  MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                                  SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                                  SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                                  SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):184240
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                                  MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                                  SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                                  SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                                  SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):711952
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                                  MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                                  SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                                  SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                                  SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):61448
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                                  MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                                  SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                                  SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                                  SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):437363
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.648085219022835
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12288:qt3jOZy2KsGU6a4Ksht3jOZy2KsGU6a4KsK:SzOE2Z34KGzOE2Z34Kr
                                                                                                                                                                                                                                                                                                  MD5:419DED4C0B20488040034835614E3924
                                                                                                                                                                                                                                                                                                  SHA1:97F39FC3B0242AE6690F3EE4413542E8CB107EAE
                                                                                                                                                                                                                                                                                                  SHA-256:016562C6644DD31CC2F86A2B838F9659F6F571A02635DA82212663D384EE470B
                                                                                                                                                                                                                                                                                                  SHA-512:30C2861015584A1EAB3F40ED93FC45E6B2D9320A22F0C40400E1078B29988957B2C8828366BBF53BC8BE765CDEFF2ACD6563D2E2D71098C8882EC6D58F7EA675
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIFFF5.tmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Preview:...@IXOS.@.....@$+xY.@.....@.....@.....@.....@.....@......&.{E732A0D7-A2F2-4657-AC41-B19742648E45}..AteraAgent1.ListaItensVistoriaCorpodeBombeirosObrigatorio.msi.@.....@.....@.....@........&.{721AD955-79FD-4019-BBF5-9DCC4C1175BB}.....@.....@.....@.....@.......@.....@.....@.......@......AteraAgent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........StopAteraServiceQuiet....J...StopAteraServiceQuiet.@A......M..MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<....................
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.190234280602722
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:JSbX72FjQuEXAlfLIlHmRpkh+7777777777777777777777777ZDHF0b7JLEzD8T:JKBUIYNoLEX2F+F
                                                                                                                                                                                                                                                                                                  MD5:7A8A1932C8FD604CECA48CEA42889018
                                                                                                                                                                                                                                                                                                  SHA1:DC19CB4B9E342C5E8D8B74B9BE1F02A611F6A4A2
                                                                                                                                                                                                                                                                                                  SHA-256:7ED4FCD80FABF6AFA14BA7439DF2847585C58A4947E90824E6CC77A208B245AF
                                                                                                                                                                                                                                                                                                  SHA-512:1729CE6D42FC7EF4AB4D61B845FCA76A8168AC753B14B312A0BE8C7B95234084665368330ECD9E063AAC00D96B60C303069F3172470F66F5DC2BD4EA85F70B7A
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.5770716130457312
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:K8Ph4uRc06WX4MjT5cjKBqISoedGPdGfgrLLStedGPdGRubxn:Vh418jT0KcIBo1
                                                                                                                                                                                                                                                                                                  MD5:544279A8DCF8666F66E18EE38AA33253
                                                                                                                                                                                                                                                                                                  SHA1:AC1BE69C72C3A9E5B4506C101A853AAD8150B3B4
                                                                                                                                                                                                                                                                                                  SHA-256:4B9B54BA8B7819D711DDB7A11E19FCE7288F4C10FF1E56FB74479733FA4C4100
                                                                                                                                                                                                                                                                                                  SHA-512:8112F29B022A789D73E43D1AE4642E42916B001FEB90ACC33389CA976E3F3A9F731C2452BF242975E17A45A6F031D1CC18E98555C099ABE66E896E55A2AA4FC0
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\inprogressinstallinfo.ipi, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):364484
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.365490623226803
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauU:zTtbmkExhMJCIpEr
                                                                                                                                                                                                                                                                                                  MD5:024185FBF5DF28FAE51A2F93D918A4E2
                                                                                                                                                                                                                                                                                                  SHA1:BA6C1AF2CC60A9979B7963AD73EB7302BFFB860B
                                                                                                                                                                                                                                                                                                  SHA-256:F569F074180CDF2C19407252DB5681F8E7E3CCB51CDE14FB2A1AF56E5E2D8ECA
                                                                                                                                                                                                                                                                                                  SHA-512:EDB8B75F03965988CA71BD6B468F80D3DB2617CD32906C3A98178C08390E8A3D380A48A0C5B96332C6896D9F0D2D54F02AA9CA7FB298A570DF5BB9C935F9CC5F
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):704
                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.805280550692434
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:tIDRFK4mAX7RBem7hccD+PRem7hUhiiGNGNdg6MhgRBem7hccD+PRem7hUGNGNkm:Us43XVBVhcmMRVhMipNVeBVhcmMRVhro
                                                                                                                                                                                                                                                                                                  MD5:EF51E16A5B81AB912F2478FE0A0379D6
                                                                                                                                                                                                                                                                                                  SHA1:B0F9E2EE284DD1590EA31B2D3AD736D77B9FC6A7
                                                                                                                                                                                                                                                                                                  SHA-256:2C5D5397CEDF66DB724FED7FB4515B026A894F517A0DFBE8AE8ADF52DB61AA22
                                                                                                                                                                                                                                                                                                  SHA-512:296A11DB55BFEE7D87897BB63BC9E2C05786D3FD73A894DA5AF76F7A756495C6CCC0959C88844DFB5560DE2374A257201D960E004EC09D8C9DFB50952C5EF2D2
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\System32\InstallUtil.InstallLog, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Preview:...Running a transacted installation.....Beginning the Install phase of the installation...See the contents of the log file for the C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe assembly's progress...The file is located at C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog.....The Install phase completed successfully, and the Commit phase is beginning...See the contents of the log file for the C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe assembly's progress...The file is located at C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog.....The Commit phase completed successfully.....The transacted install has completed...
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):111002
                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.451729490748972
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:1536:kPzgm47BQL7ZMFPZ7t0zfIagnbSLDII+D61SdOkC7/:kbgN7BGFoZ7+gbE8pD61JL
                                                                                                                                                                                                                                                                                                  MD5:E43056855200281951812F3A6D94EFF7
                                                                                                                                                                                                                                                                                                  SHA1:66253EFEAE45E17339D00E2277A4E619E7E2FABC
                                                                                                                                                                                                                                                                                                  SHA-256:04A68A7F0A5E5AEE56899E2080B5E5C6FCC35564F470551E8FB2031C45F2B03F
                                                                                                                                                                                                                                                                                                  SHA-512:B98CAAD890078D0FE69F35176AB294380D98B480E6BD973DA10EE31B175E63A53C5E4DFB61405B7FAB85EA5D5FB01C4869287B70D7FE2F3F50F619C313F8911C
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):471
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.187019651177751
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:JyYOzg5GLsHzqTykJ0Ysbwsn5SWPYkq3n:JRO0ILsyJ0Y+Z5lYn
                                                                                                                                                                                                                                                                                                  MD5:441A4996E2EE86C4B588D8C0D407E7C2
                                                                                                                                                                                                                                                                                                  SHA1:0987D79EAECF4AFAD0E5C6F7BD9BD0A90CEABBD4
                                                                                                                                                                                                                                                                                                  SHA-256:300CFA12D5560F2B04E870FE42E15B6A2007E8F53E4CE1329BD506382075E657
                                                                                                                                                                                                                                                                                                  SHA-512:8D6D5BD1EA7BAAFEB8CA750CE112ED7FAD1477E1DEEF34994A145893EED217D1A9990A52D76790F8C00484378778504626E5C6A5F5193B8DA661AFDBD62600B0
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):727
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.537072345098989
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:5o6Tq9R5h44TUqrqILBKSB/P8KcFHiGIkZEaOR6qtcO4CoTBF/ZW9FD1QvuTw/n/:54oqXVKSBH8KqiGZtfqiOboTBF4l1ve/
                                                                                                                                                                                                                                                                                                  MD5:49BA85BE2CB152368FE6EE8982CF3D76
                                                                                                                                                                                                                                                                                                  SHA1:F078FDB44C9C62D64DC79849C7E41DEC4441A9C0
                                                                                                                                                                                                                                                                                                  SHA-256:28B91A2A15DFCE2BB789D5CF10E55DC8D46418AF6E8574CBA83CCAD4D396BE68
                                                                                                                                                                                                                                                                                                  SHA-512:67F5293A94BF17ED5031EEC51EE06BBC467860CDC48A2712694418185C0D400386BCD3D3C4FB46E7B5E50EEE1A6A4747707A3058D0C982B4CB16E8374816E787
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):737
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.5557187233228245
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:yeRLaWQMnFQlRAUcncFfBJurIT/L3wH/c9q5kvs0LQ+TDOFbx2UJhE47J:y2GWnSxuctGeqiW+Lp6L2ehE47J
                                                                                                                                                                                                                                                                                                  MD5:3DE65469B9F550FA32724673E299DFE2
                                                                                                                                                                                                                                                                                                  SHA1:4AAA64A5E233B459C3D4A5BCDD6EB115990C880D
                                                                                                                                                                                                                                                                                                  SHA-256:36BD170660F76039F65092E3CFB6F5AE7E6CE34E8E7321FABA7059E8407E3EB8
                                                                                                                                                                                                                                                                                                  SHA-512:642459FD1971BD4EBBC4C7128515F15D1F8AF15FE9AA5E992BDA18BB25B5913F3C36FCB1D9CA9D184C58F92295639976E3ECED7FEE5DEBB672C8F230EB31CD6E
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:Certificate, Version=3
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1716
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.596259519827648
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:GL3d+gG48zmf8grQcPJ27AcYG7i47V28Tl4JZG0FWk8ZHJ:GTd0PmfrrQG28cYG28CEJ
                                                                                                                                                                                                                                                                                                  MD5:D91299E84355CD8D5A86795A0118B6E9
                                                                                                                                                                                                                                                                                                  SHA1:7B0F360B775F76C94A12CA48445AA2D2A875701C
                                                                                                                                                                                                                                                                                                  SHA-256:46011EDE1C147EB2BC731A539B7C047B7EE93E48B9D3C3BA710CE132BBDFAC6B
                                                                                                                                                                                                                                                                                                  SHA-512:6D11D03F2DF2D931FAC9F47CEDA70D81D51A9116C1EF362D67B7874F91BF20915006F7AF8ECEBAEA59D2DC144536B25EA091CC33C04C9A3808EEFDC69C90E816
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):727
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.534031201200033
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:5onfZUxc5RlRtBfQOx/hsLzjyNiA6M4SjmFjt5Y1DohqGoz7UcN/YNjoRLUE2lH2:5iCxcdZbxJqjFJ5mDohqocRYN7latn
                                                                                                                                                                                                                                                                                                  MD5:3AA154C597F0D3EF221B82298CE04F78
                                                                                                                                                                                                                                                                                                  SHA1:C15D53176E903BFAB12665B3E42D1B9ECCFB54D0
                                                                                                                                                                                                                                                                                                  SHA-256:B75A76C1C71E981D5299E2A8F85D317D14DA91FD79A615C70EF14876EBC9557D
                                                                                                                                                                                                                                                                                                  SHA-512:B9B93ED7F99E8B96EFB85A4DC9A8CEE9F7057B87DA9C2A1FE82FE8CD308F89C42E76E9170BB429999E1D985AF7847463B8C60173C44413685472E0B5E2306324
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:Certificate, Version=3
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1428
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.688784034406474
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:24:nIGWnSIGWnSGc9VIyy0KuiUQ+7n0TCDZJCCAyuIqwmCFUZnPQ1LSdT:nIL7LJSRQ+QgAyuxwfynPQmR
                                                                                                                                                                                                                                                                                                  MD5:78F2FCAA601F2FB4EBC937BA532E7549
                                                                                                                                                                                                                                                                                                  SHA1:DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
                                                                                                                                                                                                                                                                                                  SHA-256:552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988
                                                                                                                                                                                                                                                                                                  SHA-512:BCAD73A7A5AFB7120549DD54BA1F15C551AE24C7181F008392065D1ED006E6FA4FA5A60538D52461B15A12F5292049E929CFFDE15CC400DEC9CDFCA0B36A68DD
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                  Size (bytes):306
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.276105672159195
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:kKleA3H5DRAUSW0P3PeXJUwh8lmi36lImJGelN:NeAX51xSW0P3PeXJUZ6NXlN
                                                                                                                                                                                                                                                                                                  MD5:57CF1C7A9D828F172D955D0F274A85EA
                                                                                                                                                                                                                                                                                                  SHA1:DF37B4C6982B8357E9DE2B547F0F254C368CF95F
                                                                                                                                                                                                                                                                                                  SHA-256:E1C96544ED242D4D638E35CC02995158FFDF4818970707E2035DEC3FDFCDBDCD
                                                                                                                                                                                                                                                                                                  SHA-512:F9D35057A8F5D5E2157F5C7A0E3EE75D6A378A1259616AE2DADCECD7889CFA5D19FFCFC4CA5A6D3A6EFEF76C348C7BDBA1B39264813E7E0E39179A65AE810AE7
                                                                                                                                                                                                                                                                                                  Malicious:false
Preview:http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl "6741d55d-1b19a"
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):338
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.467955489419957
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:kKBK81aJFN+SkQlPlEGYRMY9z+s3Ql2DUevat:0ckPlE99SCQl2DUevat
                                                                                                                                                                                                                                                                                                  MD5:30CD811BBE58B0611642EB13D2565DDE
                                                                                                                                                                                                                                                                                                  SHA1:B354A46FD877308E2E9E3D3033B2327A218F2792
                                                                                                                                                                                                                                                                                                  SHA-256:67C21B37F2105FCFE8A05031D2643FE0F0925C907EDCDCE919EF2F6CB0F28628
                                                                                                                                                                                                                                                                                                  SHA-512:63C57DD41A5A235F9F731233C54D52498B27643ECDA714CA62B1D1410152865FAFC116CBBBC9E4EF40B5660D58960E3CEF74087A5E53AAEB2BE0C28DE51E71F9
                                                                                                                                                                                                                                                                                                  Malicious:false
Preview:http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab "746787a3f0d91:0"
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):400
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.9459454613030966
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:kKrlvWhqXlF3s8qxXlRNfOAUMivhClroFzCJCgO3lwuqDnlyQ4hY5isIlQhZgJn:hXn3h2mxMiv8sFzD3quqDkPh8Y2ZM
                                                                                                                                                                                                                                                                                                  MD5:902A5507DA0FF53E38C598669F063230
                                                                                                                                                                                                                                                                                                  SHA1:D3C9788149C62DFDA778C6DF001690F45B42E8A3
                                                                                                                                                                                                                                                                                                  SHA-256:8DB30ED0D89E408B344D6E008504D0A422CE2D3789F2CB19E9FAE7C0EC52464D
                                                                                                                                                                                                                                                                                                  SHA-512:A44E997EE124DAE366801924A2829AE4C6FA94AE5977860ECA45E907FCF0CA1DC5E5DD699E9BA9A946A0BFA3ECDB02DA71DD1C92C981B7D5082C158465E4E5AA
                                                                                                                                                                                                                                                                                                  Malicious:false
Preview:http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):404
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.552684575972664
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:kK3l4YfOAUMivhClroFHXHDZA6liyZlSlMul0bg3PWovy28lhl+KscSikKYlFn:BmxMiv8sF3HtllJZIvOP205scn8
                                                                                                                                                                                                                                                                                                  MD5:7343B08C2D9BC1C126C29AE09FF1A393
                                                                                                                                                                                                                                                                                                  SHA1:EB53114EC0F7131D33BA58609B6488F42573A8DB
                                                                                                                                                                                                                                                                                                  SHA-256:A4D90C36A1837C2D899A80447BAF30D6212E159C72E2FBBC3A2D2157EAD43AE7
                                                                                                                                                                                                                                                                                                  SHA-512:8FAEBD2A4CDC79C515ABD66EF8A57A345D770C633EB1AFB6F5AACF79432AA1C0EE85872A4DA7741BD8ADBA6F4723881DDD934C79F2BFAA39BC68CEB7BA010BBE
                                                                                                                                                                                                                                                                                                  Malicious:false
Preview:http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAooSZl45YmN9AojjrilUug%3D
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):248
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.032611618918961
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3:kkFklDi2fllXlE/xZ/JtINRR8WXdA31y+NW0y1YbXKw+l1M7GlWB5lL1AWlll:kKPZ/8FAUSW0PTKDXM6lWTJ
                                                                                                                                                                                                                                                                                                  MD5:CE716BBD08D45DF650D18106947AD898
                                                                                                                                                                                                                                                                                                  SHA1:4020990E9A6E095001F6F16332247DCCFA29B4E4
                                                                                                                                                                                                                                                                                                  SHA-256:A1FAFD4BF0E48AD882094A049B8EFC2A2F1CEB1425575AC3AB4605586B125E0C
                                                                                                                                                                                                                                                                                                  SHA-512:71F6ADBF7D0FB236EA597DEF6B999D84A4B319E6265B351E48D42857FAB0641A475D280AB9162BF24B3DE50457704CB0E5EFEAFEDDCBBC36493FB4669324389B
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:p...... ....f..........(....................................................... ........T.~.:.. ...................h.t.t.p.:././.c.r.l.3...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.R.o.o.t.G.4...c.r.l...".6.7.3.d.0.d.e.d.-.2.e.1."...
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):308
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2220888806886414
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:kKjIfzNcalgRAOAUSW0P3PeXJUwh8lmi3Y:LftWOxSW0P3PeXJUZY
                                                                                                                                                                                                                                                                                                  MD5:FA87AB0AB6683D3D05F2E2D67FE74A72
                                                                                                                                                                                                                                                                                                  SHA1:501920CB443781740C5C9A8E74550CFBA85E3692
                                                                                                                                                                                                                                                                                                  SHA-256:39F1EDDB96FA0BBE12E473E6031417DA0BB5CBE6686D1D5BBBF112862FEA75CF
                                                                                                                                                                                                                                                                                                  SHA-512:7D86B1807AEED6BE7378CE750255633CF20DC04C9969C93F901C0CBB8BEC725251F80BAF564778A5036425375BC41F8B6DBD270D4E35C51E69219A81C162818E
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:p...... .........f.._>..(....................................................... ........}.-@@......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.G.4.C.o.d.e.S.i.g.n.i.n.g.R.S.A.4.0.9.6.S.H.A.3.8.4.2.0.2.1.C.A.1...c.r.t...".6.0.9.0.3.0.2.2.-.6.b.4."...
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):412
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.552932916702903
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:kKpd3NfOAUMivhClroFfJSUm2SQwItJqB3UgPSgakZdPolRMnOlAkrn:tmxMiv8sFBSfamB3rbFURMOlAkr
                                                                                                                                                                                                                                                                                                  MD5:650DD828619EDF11D959698A701EFAAF
                                                                                                                                                                                                                                                                                                  SHA1:7E2D7B24D9ACB36E3FFABE5B83A1393314A5FD8A
                                                                                                                                                                                                                                                                                                  SHA-256:A09346190ED4E0472A36495E916206837363A5CF466C963516B529E459240091
                                                                                                                                                                                                                                                                                                  SHA-512:C53B3C2B7906255E447EE733E10373E113DD5115A5BA54985ACD712C6BE082B515F966351E8324F627385615CE56F00A36F9343801965F499A418D1ED5EAAD22
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:p...... ....(.....3.....(....................................................... ........).?W>.. ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.f.I.s.%.2.B.L.j.D.t.G.w.Q.0.9.X.E.B.1.Y.e.q.%.2.B.t.X.%.2.B.B.g.Q.Q.U.7.N.f.j.g.t.J.x.X.W.R.M.3.y.5.n.P.%.2.B.e.6.m.K.4.c.D.0.8.C.E.A.i.t.Q.L.J.g.0.p.x.M.n.1.7.N.q.b.2.T.r.t.k.%.3.D...
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):254
                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.015582525131988
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:kKeLllhLDcJgjcalgRAOAUSW0PTKDXMOXISKlUp:WLlzLYS4tWOxSW0PAMsZp
                                                                                                                                                                                                                                                                                                  MD5:C73258162D41FC69A878CB1E0C032D1C
                                                                                                                                                                                                                                                                                                  SHA1:56000CF3AD00BC6B7CB58790290355425BBC142D
                                                                                                                                                                                                                                                                                                  SHA-256:C1C0673A1F8674E5ED5CF923136BA17D535AFE7DE9A379DB64DDBA91468C81EA
                                                                                                                                                                                                                                                                                                  SHA-512:39E47D32DB66E3BFDD9AB94916BDCF70115CD40851F2FF33AA645C4EB718596F18AF894AB77B8ECC8972778E7246D73289FADBCDF1D84276A3591A5E9D7D1154
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:p...... ....l.....".`>..(....................................................... ............n......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.R.o.o.t.G.4...c.r.t...".5.a.2.8.6.4.1.7.-.5.9.4."...
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):1944
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.343420056309075
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:MxHKQg8mHDp684YHKGSI6oPtHTHhAHKKkhHNpaHKlT44HKmHKe60:iqzCYqGSI6oPtzHeqKkhtpaqZ44qmq10
                                                                                                                                                                                                                                                                                                  MD5:437E4DCFC04CB727093C5232EA15F856
                                                                                                                                                                                                                                                                                                  SHA1:81B949390201F3B70AE2375518A0FFD329310837
                                                                                                                                                                                                                                                                                                  SHA-256:5EADB9774A50B6AD20D588FDA58F5A42B2E257A0AA26832B41F8EA008C1EB96B
                                                                                                                                                                                                                                                                                                  SHA-512:0332C7E5205CF9221172473A841284487ACC111780A58557231FCDE72A5EDB7E7E3EF6C87AB9682A688BC24992A74027F930267B541039BD8757EEF4E2F51A0E
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.ServiceProcess, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv759bfb78#\e2ca4e2ddffdc0d0bda3f2ca65249790\System.ServiceProcess.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):69632
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.1477938568457772
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:CnhubmStedGPdGeqISoedGPdGfgrLdZj:iIyLIvd
                                                                                                                                                                                                                                                                                                  MD5:50CFA1C763BBCB020797375576F19645
                                                                                                                                                                                                                                                                                                  SHA1:3900B98319E2C26CC77EA87EE67C1F009CDE6157
                                                                                                                                                                                                                                                                                                  SHA-256:153F6414DCBD6CD94F1B915D48A210B8FBD3A768E05F75B04681F82E81A14545
                                                                                                                                                                                                                                                                                                  SHA-512:46FDCDD16A866066C0F5ED21A427CA9667AC4ED4EDE729D0B0FB52DCA4ABD8FE0CCB737F99709370BD69C4BFAF89EAFA03F77D9F1BBD6226DB30E31581C0A784
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF249BEF134D41FAF6.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.2612941120468282
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:ORwu+I+xFX4nT5EjKBqISoedGPdGfgrLLStedGPdGRubxn:mw5ETMKcIBo1
                                                                                                                                                                                                                                                                                                  MD5:ADD148076CC38CE3DD887AFA068DD8E8
                                                                                                                                                                                                                                                                                                  SHA1:7E7C4686B2BD025C984BC66D2633459E633CF24E
                                                                                                                                                                                                                                                                                                  SHA-256:64560F25C341DF8061EE5E32503B6035AEE2D85F78A4A1205C8AD2D9403C7ED4
                                                                                                                                                                                                                                                                                                  SHA-512:1F09CEED1F9F2D2CF9BE6F7A6D2DE1B0EBA36662A92E80D3B4BD8D55BEFC7B54115F88910F35604C57DF7D41C085957B9F28DD8D1F192689E4C475EA5FB96AA6
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF4CDBAE97BB9B291A.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.2612941120468282
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:ORwu+I+xFX4nT5EjKBqISoedGPdGfgrLLStedGPdGRubxn:mw5ETMKcIBo1
                                                                                                                                                                                                                                                                                                  MD5:ADD148076CC38CE3DD887AFA068DD8E8
                                                                                                                                                                                                                                                                                                  SHA1:7E7C4686B2BD025C984BC66D2633459E633CF24E
                                                                                                                                                                                                                                                                                                  SHA-256:64560F25C341DF8061EE5E32503B6035AEE2D85F78A4A1205C8AD2D9403C7ED4
                                                                                                                                                                                                                                                                                                  SHA-512:1F09CEED1F9F2D2CF9BE6F7A6D2DE1B0EBA36662A92E80D3B4BD8D55BEFC7B54115F88910F35604C57DF7D41C085957B9F28DD8D1F192689E4C475EA5FB96AA6
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF6E1821419CBD92E5.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.08523315709583487
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOQxEmbygJQMNEzD8H5/tSVky6lf:2F0i8n0itFzDHF0b7JLEzD89f
                                                                                                                                                                                                                                                                                                  MD5:71179C99D6A62DC2A133556624881594
                                                                                                                                                                                                                                                                                                  SHA1:70A5398415B3DF62007643D53CC9EDAFD1879B0B
                                                                                                                                                                                                                                                                                                  SHA-256:B7293AF5DB35470ADAE0482CC649AC00EEAFEB93378917695919EF02F0CDA010
                                                                                                                                                                                                                                                                                                  SHA-512:CE0EE789481627B88E46577A82928D87BFA28BEFA6AF75382611C5F72F6261B1353AB92429F75BA3ED281981BC21F3E2931E8D8CE9CF0FC5CE718D0D52C4BC89
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.2612941120468282
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:ORwu+I+xFX4nT5EjKBqISoedGPdGfgrLLStedGPdGRubxn:mw5ETMKcIBo1
                                                                                                                                                                                                                                                                                                  MD5:ADD148076CC38CE3DD887AFA068DD8E8
                                                                                                                                                                                                                                                                                                  SHA1:7E7C4686B2BD025C984BC66D2633459E633CF24E
                                                                                                                                                                                                                                                                                                  SHA-256:64560F25C341DF8061EE5E32503B6035AEE2D85F78A4A1205C8AD2D9403C7ED4
                                                                                                                                                                                                                                                                                                  SHA-512:1F09CEED1F9F2D2CF9BE6F7A6D2DE1B0EBA36662A92E80D3B4BD8D55BEFC7B54115F88910F35604C57DF7D41C085957B9F28DD8D1F192689E4C475EA5FB96AA6
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF7D6DF77431214178.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.5770716130457312
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:K8Ph4uRc06WX4MjT5cjKBqISoedGPdGfgrLLStedGPdGRubxn:Vh418jT0KcIBo1
                                                                                                                                                                                                                                                                                                  MD5:544279A8DCF8666F66E18EE38AA33253
                                                                                                                                                                                                                                                                                                  SHA1:AC1BE69C72C3A9E5B4506C101A853AAD8150B3B4
                                                                                                                                                                                                                                                                                                  SHA-256:4B9B54BA8B7819D711DDB7A11E19FCE7288F4C10FF1E56FB74479733FA4C4100
                                                                                                                                                                                                                                                                                                  SHA-512:8112F29B022A789D73E43D1AE4642E42916B001FEB90ACC33389CA976E3F3A9F731C2452BF242975E17A45A6F031D1CC18E98555C099ABE66E896E55A2AA4FC0
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF809BDB3C3038939A.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.5770716130457312
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:48:K8Ph4uRc06WX4MjT5cjKBqISoedGPdGfgrLLStedGPdGRubxn:Vh418jT0KcIBo1
                                                                                                                                                                                                                                                                                                  MD5:544279A8DCF8666F66E18EE38AA33253
                                                                                                                                                                                                                                                                                                  SHA1:AC1BE69C72C3A9E5B4506C101A853AAD8150B3B4
                                                                                                                                                                                                                                                                                                  SHA-256:4B9B54BA8B7819D711DDB7A11E19FCE7288F4C10FF1E56FB74479733FA4C4100
                                                                                                                                                                                                                                                                                                  SHA-512:8112F29B022A789D73E43D1AE4642E42916B001FEB90ACC33389CA976E3F3A9F731C2452BF242975E17A45A6F031D1CC18E98555C099ABE66E896E55A2AA4FC0
                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFC62927D95770B6A7.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                  Size (bytes):465
                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.374799842670196
                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                  SSDEEP:12:Y0rsShlOS0+3dY7VPp2xOiaYxVpE3rTPQSSVtyT:Y0rBBtKPWaYCXPQSSPyT
                                                                                                                                                                                                                                                                                                  MD5:F9DF65A88C63FB56DC60BAA5F70CDB88
                                                                                                                                                                                                                                                                                                  SHA1:5D3D5C17F196012C529B11A2A2EA07A70ADDF65D
                                                                                                                                                                                                                                                                                                  SHA-256:6E38938CEDA8D756C86ECB5C8A5D38CFFD56417ADAC58F84225A8287D8E82920
                                                                                                                                                                                                                                                                                                  SHA-512:890B31D159997944988556210C56A2B99E2EA483F8FC32EE7B8AA8F75C08C1EADF94F126E6E49E6E163134D29F739D389012ED75B320BD73598120594649E6B8
                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                  Preview:{"PackageName":"AgentPackageAgentInformation","ExecutableCommandArgs":["minimalIdentification"],"Data":{"AccountId":"001Q3000006YrPqIAK","UserLogin":"comunicado@gestorempresas.digital","MachineName":"965969","CustomerId":"1","FolderId":"","IsMinimalIdentification":true,"UniqueMachineIdentifier":"REqwJeuTzWOW+lhCP4QE2Xw4ADHjekL5EsTdDsgoTU8=","OsType":"Windows"},"CommandId":"74b28cea-d314-412b-b1ac-0c6c5fd129c1","AgentId":"036a7bb6-e9ab-4003-820d-512fa1b48707"}..
                                                                                                                                                                                                                                                                                                  File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.8786797529497665
                                                                                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                                                                                  • Microsoft Windows Installer (60509/1) 57.88%
                                                                                                                                                                                                                                                                                                  • ClickyMouse macro set (36024/1) 34.46%
                                                                                                                                                                                                                                                                                                  • Generic OLE2 / Multistream Compound File (8008/1) 7.66%
                                                                                                                                                                                                                                                                                                  File name:ListaItensVistoriaCorpodeBombeirosObrigatorio.msi
                                                                                                                                                                                                                                                                                                  File size:2'994'176 bytes
                                                                                                                                                                                                                                                                                                  MD5:8a685b955bed68d969ddea75d5ce51bf
                                                                                                                                                                                                                                                                                                  SHA1:2c66035dda36813b6d139c228148ce3a7faca9c2
                                                                                                                                                                                                                                                                                                  SHA256:1484770b005cef914a0710b85d2c57ad96c1c48abbeb0f3c4055b19c1299d12e
                                                                                                                                                                                                                                                                                                  SHA512:a9c50d981e62d7da7a7926265b16213cb990e203eccb46f2d2f9df0c20fdbb792099a36359b845a9073e19fc8fdb6318d9e3da812cbc6160be41b7caa72a91e5
                                                                                                                                                                                                                                                                                                  SSDEEP:49152:B+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:B+lUlz9FKbsodq0YaH7ZPxMb8tT
                                                                                                                                                                                                                                                                                                  TLSH:11D523117584483AE3BB0A358D7ED6A05E7DFE605B70CA8E9308741E2E705C1AB76B73
                                                                                                                                                                                                                                                                                                  Icon Hash:2d2e3797b32b2b99
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-24T11:25:25.778280+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49734 | 13.232.67.199 | 443 | TCP
2024-11-24T11:25:28.990578+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49745 | 13.232.67.199 | 443 | TCP
2024-11-24T11:26:13.910535+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49854 | 13.232.67.199 | 443 | TCP
2024-11-24T11:26:25.047999+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49884 | 13.232.67.199 | 443 | TCP
2024-11-24T11:26:31.728631+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49903 | 13.232.67.199 | 443 | TCP
2024-11-24T11:26:37.658515+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49921 | 13.232.67.199 | 443 | TCP
2024-11-24T11:26:43.807305+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49943 | 13.232.67.199 | 443 | TCP
2024-11-24T11:26:49.632144+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49967 | 13.232.67.199 | 443 | TCP
2024-11-24T11:26:53.737019+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49985 | 13.232.67.199 | 443 | TCP
2024-11-24T11:26:57.445153+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 50001 | 13.232.67.199 | 443 | TCP
2024-11-24T11:27:04.212827+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 50033 | 13.232.67.199 | 443 | TCP
2024-11-24T11:27:10.875270+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 50056 | 13.232.67.199 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:28.457787037 CET49745443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:28.457818985 CET4434974513.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:28.458771944 CET4434974613.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:28.459656000 CET49746443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:28.459687948 CET4434974613.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:28.889869928 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:28.931538105 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:28.931591988 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:28.931771040 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:28.931807995 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:28.931895971 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:28.990571976 CET4434974513.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:28.990664959 CET4434974513.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:28.990852118 CET49745443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:28.991503954 CET49745443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.135248899 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.135282040 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.135509014 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.135541916 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.135605097 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.176542044 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.176565886 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.176618099 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.176649094 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.176671028 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.176696062 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.317379951 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.317450047 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.317512989 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.317548990 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.317572117 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.317595959 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.345498085 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.345544100 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.345587015 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.345616102 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.345637083 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.345659971 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.365627050 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.365672112 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.365729094 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.365756035 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.365776062 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.365798950 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.381870985 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.381913900 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.381982088 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.382010937 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.382033110 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.382052898 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.524815083 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.524916887 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.524971962 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.525005102 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.525023937 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.525074005 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.540520906 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.540568113 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.540594101 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.540620089 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.540638924 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.540661097 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.554189920 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.554231882 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.554265022 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.554286003 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.554303885 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.554332018 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.569901943 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.569947004 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.569987059 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.570015907 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.570034027 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.570066929 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.585592031 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.585633993 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.585689068 CET49747443192.168.2.5108.158.75.46
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:25:29.585714102 CET44349747108.158.75.46192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:22.110680103 CET4434974613.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:22.110709906 CET49746443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:22.110776901 CET49746443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:22.111429930 CET49746443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:22.118695021 CET49884443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:22.118733883 CET4434988413.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:22.118798018 CET49884443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:22.119824886 CET49885443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:22.119910955 CET4434988513.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:22.120062113 CET49885443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:22.120287895 CET49885443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:22.120321989 CET4434988513.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:22.120408058 CET49884443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:22.120424032 CET4434988413.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:24.517676115 CET4434988513.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:24.517784119 CET49885443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:24.519952059 CET4434988413.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:24.520041943 CET49884443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:24.520764112 CET49885443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:24.520782948 CET4434988513.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:24.521122932 CET4434988513.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:24.521307945 CET49884443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:24.521331072 CET4434988413.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:24.522015095 CET49885443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:24.522109985 CET4434988413.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:24.522990942 CET49884443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:24.563355923 CET4434988513.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:24.563375950 CET4434988413.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:25.048069954 CET4434988413.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:25.048228979 CET4434988413.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:25.048573017 CET49884443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:25.048912048 CET49884443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:28.775352001 CET49885443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:28.775542974 CET4434988513.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:28.775656939 CET49885443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:28.811523914 CET49903443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:28.811575890 CET4434990313.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:28.811638117 CET49903443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:28.812239885 CET49904443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:28.812310934 CET4434990413.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:28.812376976 CET49904443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:28.812521935 CET49903443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:28.812552929 CET4434990313.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:28.813158035 CET49904443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:28.813199997 CET4434990413.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.139966011 CET4434990413.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.140167952 CET49904443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.141845942 CET49904443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.141860008 CET4434990413.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.142189026 CET4434990413.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.143094063 CET49904443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.183360100 CET4434990413.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.201842070 CET4434990313.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.202105045 CET49903443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.204149961 CET49903443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.204171896 CET4434990313.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.204518080 CET4434990313.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.205432892 CET49903443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.247371912 CET4434990313.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.659420967 CET4434990413.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.659598112 CET4434990413.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.659739017 CET49904443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.660126925 CET49904443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.661236048 CET49912443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.661284924 CET4434991213.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.661355019 CET49912443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.661652088 CET49912443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.661664963 CET4434991213.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.728646040 CET4434990313.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.728740931 CET4434990313.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.728837967 CET49903443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:31.729326010 CET49903443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:34.096117973 CET4434991213.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:34.097800970 CET49912443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:34.097882032 CET4434991213.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:34.628674984 CET4434991213.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:34.670373917 CET49912443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:34.670439005 CET4434991213.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:46.683377028 CET4434995413.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:46.691359043 CET49954443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:46.695010900 CET49954443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:46.697169065 CET49967443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:46.697233915 CET4434996713.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:46.697411060 CET49967443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:46.697962999 CET49967443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:46.697995901 CET4434996713.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:47.252418041 CET4434996013.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:47.252476931 CET49960443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:47.526585102 CET4434996113.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:47.526690960 CET49961443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:47.528872967 CET49961443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:47.528881073 CET4434996113.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:47.529192924 CET4434996113.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:47.530607939 CET49961443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:47.571347952 CET4434996113.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:48.110656977 CET4434996113.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:48.110733986 CET4434996113.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:48.110795021 CET49961443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:48.111269951 CET49961443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:48.219616890 CET49973443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:48.219646931 CET4434997313.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:48.222374916 CET49973443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:48.222374916 CET49973443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:48.222403049 CET4434997313.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:49.100975990 CET4434996713.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:49.101079941 CET49967443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:49.103355885 CET49967443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:49.103385925 CET4434996713.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:49.103588104 CET4434996713.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:49.108376026 CET49967443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:49.155338049 CET4434996713.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:49.632131100 CET4434996713.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:49.632179976 CET4434996713.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:49.632244110 CET49967443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:49.632941008 CET49967443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:49.633987904 CET49978443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:49.634015083 CET4434997813.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:49.634063959 CET49978443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:49.634349108 CET49978443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:49.634360075 CET4434997813.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:50.624619961 CET4434997313.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:50.631023884 CET49973443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:50.631042004 CET4434997313.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:50.890989065 CET49978443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:50.891019106 CET49985443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:50.891107082 CET4434998513.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:50.893661976 CET49985443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:50.893661976 CET49985443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:50.893743038 CET4434998513.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:50.935337067 CET4434997813.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:51.194993019 CET4434997313.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:51.195053101 CET4434997313.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:51.195100069 CET49973443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:51.195754051 CET49973443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:51.197027922 CET49987443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:51.197102070 CET4434998713.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:51.197168112 CET49987443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:51.197496891 CET49987443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:51.197539091 CET4434998713.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:51.219703913 CET49987443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:51.220628977 CET49988443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:51.220696926 CET4434998813.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:51.220762968 CET49988443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:51.221105099 CET49988443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:51.221123934 CET4434998813.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:51.263355017 CET4434998713.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:52.082791090 CET4434997813.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:52.082880020 CET49978443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:53.215470076 CET4434998513.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:53.215559006 CET49985443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:53.219805002 CET49985443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:53.219831944 CET4434998513.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:53.220618010 CET4434998513.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:53.221791983 CET49985443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:53.267353058 CET4434998513.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:26:53.519797087 CET4434998713.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:03.276509047 CET4435004213.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:03.276566029 CET50042443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:03.276771069 CET50042443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:03.276778936 CET4435004213.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:03.697293043 CET4435003313.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:03.699525118 CET50033443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:03.699594021 CET4435003313.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:04.212888002 CET4435003313.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:04.213083982 CET4435003313.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:04.217417955 CET50033443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:04.218151093 CET50033443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:04.218689919 CET50043443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:04.218758106 CET4435004313.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:04.221396923 CET50043443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:04.221667051 CET50043443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:04.221687078 CET4435004313.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:05.675643921 CET4435004213.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:05.677448988 CET50042443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:05.677462101 CET4435004213.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:06.207406044 CET4435004213.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:06.207472086 CET4435004213.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:06.207586050 CET50042443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:06.551935911 CET4435004313.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:06.717291117 CET50043443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:07.860466957 CET50042443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:07.861187935 CET50043443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:07.861224890 CET4435004313.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:07.863099098 CET50056443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:07.863118887 CET4435005613.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:07.863174915 CET50056443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:07.863910913 CET50056443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:07.863923073 CET4435005613.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:08.379640102 CET4435004313.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:08.379838943 CET4435004313.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:08.379906893 CET50043443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:08.383270025 CET50043443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:08.383970022 CET50058443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:08.383994102 CET4435005813.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:08.384088039 CET50058443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:08.384263039 CET50058443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:08.384275913 CET4435005813.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:10.327356100 CET4435005613.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:10.330250978 CET50056443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:10.330270052 CET4435005613.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:10.764502048 CET4435005813.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:10.769417048 CET50058443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:10.769432068 CET4435005813.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:10.875329971 CET4435005613.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:10.875400066 CET4435005613.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:10.877902985 CET50056443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:10.877902985 CET50056443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:10.881324053 CET50066443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:10.881381035 CET4435006613.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:10.881684065 CET50066443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:10.881684065 CET50066443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:10.881726027 CET4435006613.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:11.292957067 CET4435005813.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:11.292973995 CET4435005813.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:11.293025970 CET50058443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:11.293034077 CET4435005813.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:11.293070078 CET50058443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:11.296870947 CET50058443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:11.306632042 CET50070443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:11.306723118 CET4435007013.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:11.306843042 CET50070443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:11.307197094 CET50070443192.168.2.513.232.67.199
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:11.307231903 CET4435007013.232.67.199192.168.2.5
                                                                                                                                                                                                                                                                                                  Nov 24, 2024 11:27:13.258806944 CET4435006613.232.67.199192.168.2.5
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Nov 24, 2024 11:25:04.264873981 CET | 192.168.2.5 | 1.1.1.1 | 0xc8f7 | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false |
| Nov 24, 2024 11:25:15.666868925 CET | 192.168.2.5 | 1.1.1.1 | 0x2010 | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false |
| Nov 24, 2024 11:25:19.351816893 CET | 192.168.2.5 | 1.1.1.1 | 0xb5c8 | Standard query (0) | ps.pndsn.com | A (IP address) | IN (0x0001) | false |
| Nov 24, 2024 11:25:25.990291119 CET | 192.168.2.5 | 1.1.1.1 | 0xf0f0 | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false |
| Nov 24, 2024 11:25:26.002448082 CET | 192.168.2.5 | 1.1.1.1 | 0x250c | Standard query (0) | ps.atera.com | A (IP address) | IN (0x0001) | false |
| Nov 24, 2024 11:26:18.688647985 CET | 192.168.2.5 | 1.1.1.1 | 0xd703 | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false |
| Nov 24, 2024 11:26:28.807593107 CET | 192.168.2.5 | 1.1.1.1 | 0x20d9 | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false |
| Nov 24, 2024 11:26:31.640706062 CET | 192.168.2.5 | 1.1.1.1 | 0xc777 | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false |
| Nov 24, 2024 11:26:41.846425056 CET | 192.168.2.5 | 1.1.1.1 | 0x453b | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false |
| Nov 24, 2024 11:26:53.137290001 CET | 192.168.2.5 | 1.1.1.1 | 0x23ca | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false |
| Nov 24, 2024 11:27:04.085663080 CET | 192.168.2.5 | 1.1.1.1 | 0x8c8f | Standard query (0) | agent-api.atera.com | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Nov 24, 2024 11:25:04.654381990 CET | 1.1.1.1 | 192.168.2.5 | 0xc8f7 | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 24, 2024 11:25:13.367767096 CET | 1.1.1.1 | 192.168.2.5 | 0x1f35 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 24, 2024 11:25:13.367767096 CET | 1.1.1.1 | 192.168.2.5 | 0x1f35 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
| Nov 24, 2024 11:25:14.969075918 CET | 1.1.1.1 | 192.168.2.5 | 0xeed7 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 24, 2024 11:25:14.969075918 CET | 1.1.1.1 | 192.168.2.5 | 0xeed7 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
| Nov 24, 2024 11:25:15.015013933 CET | 1.1.1.1 | 192.168.2.5 | 0x1f5c | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 24, 2024 11:25:15.015013933 CET | 1.1.1.1 | 192.168.2.5 | 0x1f5c | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
| Nov 24, 2024 11:25:15.991377115 CET | 1.1.1.1 | 192.168.2.5 | 0x2010 | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 24, 2024 11:25:17.351068020 CET | 1.1.1.1 | 192.168.2.5 | 0xf3c4 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
| Nov 24, 2024 11:25:17.351068020 CET | 1.1.1.1 | 192.168.2.5 | 0xf3c4 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
| Nov 24, 2024 11:25:19.491449118 CET | 1.1.1.1 | 192.168.2.5 | 0xb5c8 | No error (0) | ps.pndsn.com | | 13.232.67.199 | A (IP address) | IN (0x0001) | false |
| Nov 24, 2024 11:25:19.491449118 CET | 1.1.1.1 | 192.168.2.5 | 0xb5c8 | No error (0) | ps.pndsn.com | | 13.232.67.198 | A (IP address) | IN (0x0001) | false |
| Nov 24, 2024 11:25:26.223747969 CET | 1.1.1.1 | 192.168.2.5 | 0x250c | No error (0) | ps.atera.com | d25btwd9wax8gu.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 24, 2024 11:25:26.223747969 CET | 1.1.1.1 | 192.168.2.5 | 0x250c | No error (0) | d25btwd9wax8gu.cloudfront.net | | 108.158.75.46 | A (IP address) | IN (0x0001) | false |
| Nov 24, 2024 11:25:26.223747969 CET | 1.1.1.1 | 192.168.2.5 | 0x250c | No error (0) | d25btwd9wax8gu.cloudfront.net | | 108.158.75.12 | A (IP address) | IN (0x0001) | false |
| Nov 24, 2024 11:25:26.223747969 CET | 1.1.1.1 | 192.168.2.5 | 0x250c | No error (0) | d25btwd9wax8gu.cloudfront.net | | 108.158.75.93 | A (IP address) | IN (0x0001) | false |
| Nov 24, 2024 11:25:26.223747969 CET | 1.1.1.1 | 192.168.2.5 | 0x250c | No error (0) | d25btwd9wax8gu.cloudfront.net | | 108.158.75.4 | A (IP address) | IN (0x0001) | false |
| Nov 24, 2024 11:25:26.309756994 CET | 1.1.1.1 | 192.168.2.5 | 0xf0f0 | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 24, 2024 11:25:30.244170904 CET | 1.1.1.1 | 192.168.2.5 | 0x534b | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 24, 2024 11:25:30.244170904 CET | 1.1.1.1 | 192.168.2.5 | 0x534b | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
| Nov 24, 2024 11:26:15.126018047 CET | 1.1.1.1 | 192.168.2.5 | 0x3d9 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
| Nov 24, 2024 11:26:15.126018047 CET | 1.1.1.1 | 192.168.2.5 | 0x3d9 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
| Nov 24, 2024 11:26:19.093669891 CET | 1.1.1.1 | 192.168.2.5 | 0xd703 | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 24, 2024 11:26:28.947777987 CET | 1.1.1.1 | 192.168.2.5 | 0x20d9 | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 24, 2024 11:26:31.970671892 CET | 1.1.1.1 | 192.168.2.5 | 0xc777 | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 24, 2024 11:26:42.163901091 CET | 1.1.1.1 | 192.168.2.5 | 0x453b | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 24, 2024 11:26:53.485898018 CET | 1.1.1.1 | 192.168.2.5 | 0x23ca | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 24, 2024 11:27:04.411767960 CET | 1.1.1.1 | 192.168.2.5 | 0x8c8f | No error (0) | agent-api.atera.com | agentsapi.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false |

                                                                                                                                                                                                                                                                                                  • ps.pndsn.com
                                                                                                                                                                                                                                                                                                  • ps.atera.com
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49721 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe |

Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:25:22 UTC | 183 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=fbc5619b-ff2b-4cc2-bf14-e4eb42ae8834&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Host: ps.pndsn.com
Connection: Keep-Alive
2024-11-24 10:25:22 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:25:22 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:25:22 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 33 39 32 32 33 36 31 36 37 35 36 5d
Data Ascii: [17324439223616756]


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.5 | 49722 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe |

Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:25:22 UTC | 364 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/036a7bb6-e9ab-4003-820d-512fa1b48707/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=10b48a2e-94d5-4663-b23c-61fa3a71d716&tt=0&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
Connection: Keep-Alive
2024-11-24 10:25:22 UTC | 277 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:25:22 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:25:22 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 32 34 34 33 39 32 32 34 37 32 35 35 31 33 22 2c 22 72 22 3a 33 33 7d 2c 22 6d 22 3a 5b 5d 7d
Data Ascii: {"t":{"t":"17324439224725513","r":33},"m":[]}


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.5 | 49734 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe |

Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:25:25 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=30556299-8b6f-404b-8ffa-af2979283dda&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Host: ps.pndsn.com
2024-11-24 10:25:25 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:25:25 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:25:25 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 33 39 32 35 35 32 32 37 31 38 34 5d
                                                                                                                                                                                                                                                                                                  Data Ascii: [17324439255227184]


Session ID: 3 | Source IP: 192.168.2.5 | Source Port: 49735 | Destination IP: 13.232.67.199 | Destination Port: 443 | PID: 6220 | Process: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp: 2024-11-24 10:25:25 UTC | Bytes transferred: 362 | Direction: OUT | Data:
GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/036a7bb6-e9ab-4003-820d-512fa1b48707/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9dbd0473-c525-491a-8cab-a2fddc92f86f&tr=33&tt=17324439224725513&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com

Timestamp: 2024-11-24 10:25:25 UTC | Bytes transferred: 279 | Direction: IN | Data:
HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:25:25 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 1879
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *

Timestamp: 2024-11-24 10:25:25 UTC | Bytes transferred: 1181 | Direction: IN | Data:
Data Ascii: {"t":{"t":"17324439254010166","r":33},"m":[{"a":"2","f":0,"i":"bd060979-f71c-4e16-a1e0-df6033f5c1eb","p":{"t":"17324439254010166","r":24},"k":"sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f","c":"036a7bb6-e9ab-4003-820d-512fa1b48707","d":{"CommandId":"947f5ff

Timestamp: 2024-11-24 10:25:25 UTC | Bytes transferred: 698 | Direction: IN | Data:
Data Ascii: ecksum":"4415f2fc13589b19a09bbdd091c4f6f733eda85d","Signature":"qCi7DgnIQlc8Afp\u002BUB0vvDgVSeVKwA9Kq4QJbBiVddSxuzNaG4NKN175hMANLlHrU3P\u002B8feDQGfX5uP4x5xOgoq63e0qUZaUQNE1oU01sOxhlxxCy3wNc1y8Bu\u002Brok7h1yrD5ko07wB4ePRpDtAHN8Zo2jQRUMCS2faymwzUiD6i4UXI


Session ID: 4 | Source IP: 192.168.2.5 | Source Port: 49747 | Destination IP: 108.158.75.46 | Destination Port: 443 | PID: 6220 | Process: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp: 2024-11-24 10:25:28 UTC | Bytes transferred: 212 | Direction: OUT | Data:
GET /agentpackagesnet45/AgentPackageAgentInformation/38.0/AgentPackageAgentInformation.zip?nvP40guF0IbHZ24g5/VirY+cw7Yp6pOjsxzTPLvYHk5f5QaUcIw2CAzGGlirMWb5 HTTP/1.1
Host: ps.atera.com
Connection: Keep-Alive

Timestamp: 2024-11-24 10:25:28 UTC | Bytes transferred: 671 | Direction: IN | Data:
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 384542
Connection: close
Content-MD5: SgmofSAE2sSwBofpyfFQNg==
Last-Modified: Tue, 12 Nov 2024 07:13:54 GMT
ETag: 0x8DD02E9910FA268
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4f2b2192-601e-007b-57cf-3c3f56000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 23 Nov 2024 11:11:18 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 28faeddd0f2a66ea58334f6c438c3c2c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BAH53-P2
X-Amz-Cf-Id: BIsmJPdkHfL9bpH70m-7aVHNsCvrclBaq9PKG35J4FSSQcReY7XGIw==
Age: 83649
                                                                                                                                                                                                                                                                                                  Data Ascii: ` d7f8D D"fl:o{*`IAKWUCe.V S2hc^LD]"LLv)vwc}7})i.DeIAyo4H4qn%x#.SP`TeMni V+"1sOl1#IHcIdo 4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49745 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:25:28 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=cbed27f6-54fb-43c4-9cab-08a80ac08544&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Host: ps.pndsn.com
2024-11-24 10:25:28 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:25:28 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:25:28 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 33 39 32 38 37 33 30 36 30 38 33 5d
Data Ascii: [17324439287306083]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49746 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:25:28 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/036a7bb6-e9ab-4003-820d-512fa1b48707/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=7bd6a0de-bd6a-4dd0-b04d-32ffbb137167&tr=33&tt=17324439254010166&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:26:22 UTC | 279 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:26:21 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 1884
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:26:22 UTC | 1884 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 32 34 34 33 39 38 31 37 30 39 31 34 39 31 22 2c 22 72 22 3a 33 33 7d 2c 22 6d 22 3a 5b 7b 22 61 22 3a 22 32 22 2c 22 66 22 3a 30 2c 22 69 22 3a 22 62 33 62 37 33 37 31 30 2d 38 38 39 63 2d 34 34 36 37 2d 62 32 36 34 2d 37 61 31 64 30 66 65 66 38 66 37 32 22 2c 22 70 22 3a 7b 22 74 22 3a 22 31 37 33 32 34 34 33 39 38 31 37 30 39 31 34 39 31 22 2c 22 72 22 3a 34 31 7d 2c 22 6b 22 3a 22 73 75 62 2d 63 2d 61 30 32 63 65 63 61 38 2d 61 39 35 38 2d 31 31 65 35 2d 62 64 38 63 2d 30 36 31 39 66 38 39 34 35 61 34 66 22 2c 22 63 22 3a 22 30 33 36 61 37 62 62 36 2d 65 39 61 62 2d 34 30 30 33 2d 38 32 30 64 2d 35 31 32 66 61 31 62 34 38 37 30 37 22 2c 22 64 22 3a 7b 22 43 6f 6d 6d 61 6e 64 49 64 22 3a 22 64 33 33 62 63 39 35
Data Ascii: {"t":{"t":"17324439817091491","r":33},"m":[{"a":"2","f":0,"i":"b3b73710-889c-4467-b264-7a1d0fef8f72","p":{"t":"17324439817091491","r":41},"k":"sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f","c":"036a7bb6-e9ab-4003-820d-512fa1b48707","d":{"CommandId":"d33bc95


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49854 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:26:13 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=fc5b0f0f-6a56-401f-80e9-8be81399a636&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Host: ps.pndsn.com
2024-11-24 10:26:13 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:26:13 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:26:13 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 33 39 37 33 36 35 36 32 37 32 35 5d
Data Ascii: [17324439736562725]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49861 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:26:16 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/036a7bb6-e9ab-4003-820d-512fa1b48707/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=4b3421ac-d387-427b-9ddb-b94f88f1e703&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:26:16 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:26:16 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:26:16 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49885 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:26:24 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/036a7bb6-e9ab-4003-820d-512fa1b48707/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=98e68274-5d6c-46f9-8e1c-6ac34eaaed9f&tr=33&tt=17324439817091491&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49884 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:26:24 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=254b40c1-e391-4dc5-a3fc-b4191829120e&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
    Host: ps.pndsn.com
2024-11-24 10:26:25 UTC | 242 | IN | HTTP/1.1 200 OK
    Date: Sun, 24 Nov 2024 10:26:24 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Connection: close
    Content-Length: 19
    Cache-Control: no-cache
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
2024-11-24 10:26:25 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 33 39 38 34 37 38 34 31 38 38 35 5d
    Data Ascii: [17324439847841885]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49904 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:26:31 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/036a7bb6-e9ab-4003-820d-512fa1b48707/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=47d3572d-5ec1-4a16-8b18-b7c076a038fc&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Type: application/json
    Host: ps.pndsn.com
2024-11-24 10:26:31 UTC | 322 | IN | HTTP/1.1 200 OK
    Date: Sun, 24 Nov 2024 10:26:31 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Content-Length: 74
    Connection: close
    Access-Control-Allow-Methods: OPTIONS, GET, POST
    Age: 0
    Cache-Control: no-cache
    Accept-Ranges: bytes
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
2024-11-24 10:26:31 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
    Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 49903 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:26:31 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=985e6a88-0b57-4d38-a817-216eb6ef36a4&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
    Host: ps.pndsn.com
2024-11-24 10:26:31 UTC | 242 | IN | HTTP/1.1 200 OK
    Date: Sun, 24 Nov 2024 10:26:31 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Connection: close
    Content-Length: 19
    Cache-Control: no-cache
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
2024-11-24 10:26:31 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 33 39 39 31 34 37 36 34 31 36 39 5d
    Data Ascii: [17324439914764169]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 49912 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:26:34 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/036a7bb6-e9ab-4003-820d-512fa1b48707/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c1866262-6dbe-4127-848d-fdd2fb9c798a&tt=0&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Type: application/json
    Host: ps.pndsn.com
2024-11-24 10:26:34 UTC | 277 | IN | HTTP/1.1 200 OK
    Date: Sun, 24 Nov 2024 10:26:34 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Content-Length: 45
    Connection: close
    Cache-Control: no-cache
    Access-Control-Allow-Methods: GET
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
2024-11-24 10:26:34 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 32 34 34 33 39 38 31 37 30 39 31 34 39 31 22 2c 22 72 22 3a 33 33 7d 2c 22 6d 22 3a 5b 5d 7d
    Data Ascii: {"t":{"t":"17324439817091491","r":33},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49922 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:26:37 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/036a7bb6-e9ab-4003-820d-512fa1b48707/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f5d904fa-4ebd-4e88-9d51-8bf1316d9b84&tr=33&tt=17324439817091491&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Type: application/json
    Host: ps.pndsn.com
2024-11-24 10:26:37 UTC | 279 | IN | HTTP/1.1 200 OK
    Date: Sun, 24 Nov 2024 10:26:37 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Content-Length: 1884
    Connection: close
    Cache-Control: no-cache
    Access-Control-Allow-Methods: GET
    Access-Control-Allow-Credentials: true
    Access-Control-Expose-Headers: *
2024-11-24 10:26:37 UTC | 1884 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 32 34 34 33 39 39 36 34 35 33 31 32 37 31 22 2c 22 72 22 3a 33 33 7d 2c 22 6d 22 3a 5b 7b 22 61 22 3a 22 32 22 2c 22 66 22 3a 30 2c 22 69 22 3a 22 66 31 63 37 62 34 30 35 2d 63 64 61 38 2d 34 64 38 37 2d 61 30 66 62 2d 39 38 62 61 63 61 37 66 63 65 34 64 22 2c 22 70 22 3a 7b 22 74 22 3a 22 31 37 33 32 34 34 33 39 39 36 34 35 33 31 32 37 31 22 2c 22 72 22 3a 34 31 7d 2c 22 6b 22 3a 22 73 75 62 2d 63 2d 61 30 32 63 65 63 61 38 2d 61 39 35 38 2d 31 31 65 35 2d 62 64 38 63 2d 30 36 31 39 66 38 39 34 35 61 34 66 22 2c 22 63 22 3a 22 30 33 36 61 37 62 62 36 2d 65 39 61 62 2d 34 30 30 33 2d 38 32 30 64 2d 35 31 32 66 61 31 62 34 38 37 30 37 22 2c 22 64 22 3a 7b 22 43 6f 6d 6d 61 6e 64 49 64 22 3a 22 37 34 62 32 38 63 65
    Data Ascii: {"t":{"t":"17324439964531271","r":33},"m":[{"a":"2","f":0,"i":"f1c7b405-cda8-4d87-a0fb-98baca7fce4d","p":{"t":"17324439964531271","r":41},"k":"sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f","c":"036a7bb6-e9ab-4003-820d-512fa1b48707","d":{"CommandId":"74b28ce


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 49921 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:26:37 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d564941f-31f4-4f1e-8cfa-ab39104c2c32&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Host: ps.pndsn.com
2024-11-24 10:26:37 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:26:37 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:26:37 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 33 39 39 37 33 39 38 38 36 36 36 5d
Data Ascii: [17324439973988666]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 49930 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:26:40 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/036a7bb6-e9ab-4003-820d-512fa1b48707/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=52166139-0835-47a8-ba03-8e3021aadb32&tr=33&tt=17324439964531271&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 49941 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:26:43 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/036a7bb6-e9ab-4003-820d-512fa1b48707/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=19e1beb7-925e-45d7-a87b-447402156469&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:26:43 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:26:43 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:26:43 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 49943 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:26:43 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=b1f9d30a-4d02-478f-8a1f-0bd9525f8618&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Host: ps.pndsn.com
2024-11-24 10:26:43 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:26:43 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:26:43 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 34 30 30 33 35 34 38 36 37 30 37 5d
Data Ascii: [17324440035486707]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 49954 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:26:46 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/036a7bb6-e9ab-4003-820d-512fa1b48707/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=fcf91bbd-a68f-4612-8a5c-20499ac2cc1d&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:26:46 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:26:46 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:26:46 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 49961 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:26:47 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/036a7bb6-e9ab-4003-820d-512fa1b48707/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=7e86a2c4-8170-4152-af60-04b88101e9d5&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:26:48 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:26:47 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:26:48 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 49967 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:26:49 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=af9dd924-082e-4d82-abb8-ee5a0258cedd&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Host: ps.pndsn.com
2024-11-24 10:26:49 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:26:49 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:26:49 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 34 30 30 39 33 37 30 34 30 39 31 5d
Data Ascii: [17324440093704091]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 49973 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:26:50 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/036a7bb6-e9ab-4003-820d-512fa1b48707/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=5f892e17-d237-499c-b959-33b14b4a20de&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:26:51 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:26:50 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:26:51 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 49985 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:26:53 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=27575d4d-f049-4af3-98fd-29c9ab567af2&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Host: ps.pndsn.com
2024-11-24 10:26:53 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:26:53 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:26:53 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 34 30 31 33 34 38 34 38 34 32 36 5d
Data Ascii: [17324440134848426]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 49988 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:26:53 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/036a7bb6-e9ab-4003-820d-512fa1b48707/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=13748a53-9ba4-4d0b-89eb-106bb5773f70&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:26:54 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:26:53 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 6
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:26:54 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.5 | 50002 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:26:56 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/036a7bb6-e9ab-4003-820d-512fa1b48707/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=4e8081eb-de73-414b-8c17-81b909623b91&tt=0&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:26:57 UTC | 277 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:26:56 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:26:57 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 32 34 34 34 30 30 38 33 39 34 36 38 33 38 22 2c 22 72 22 3a 33 33 7d 2c 22 6d 22 3a 5b 5d 7d
Data Ascii: {"t":{"t":"17324440083946838","r":33},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.5 | 50001 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:26:56 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=beca1352-9fbb-4086-9d34-96d86fc42e76&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Host: ps.pndsn.com
2024-11-24 10:26:57 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:26:57 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:26:57 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 34 30 31 37 31 38 34 34 32 36 38 5d
Data Ascii: [17324440171844268]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.5 | 50014 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:26:59 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/036a7bb6-e9ab-4003-820d-512fa1b48707/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b47dd5fd-0c11-44f6-8bad-5d4a9e7556e2&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:27:00 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:27:00 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:27:00 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.5 | 50020 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:27:00 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/036a7bb6-e9ab-4003-820d-512fa1b48707/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=b0e0aedc-7feb-42fd-9d01-6a81d3a7a14a&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:27:01 UTC | 322 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:27:01 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:27:01 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.5 | 50027 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:27:02 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/036a7bb6-e9ab-4003-820d-512fa1b48707/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=49582081-0068-4f70-b5a7-3884c66622b6&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:27:03 UTC | 323 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:27:03 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 15
Cache-Control: no-cache
Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:27:03 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.5 | 50033 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:27:03 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=198af10c-e838-4982-a564-e08a82a398e4&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Host: ps.pndsn.com
2024-11-24 10:27:04 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:27:03 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:27:04 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 34 30 32 33 39 36 31 34 36 32 34 5d
Data Ascii: [17324440239614624]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.5 | 50042 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:27:05 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/036a7bb6-e9ab-4003-820d-512fa1b48707/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=6c5d24e4-0b70-422e-83c6-48afa7e568d5&tt=0&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:27:06 UTC | 277 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:27:05 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:27:06 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 32 34 34 34 30 31 39 31 34 37 31 38 32 33 22 2c 22 72 22 3a 33 33 7d 2c 22 6d 22 3a 5b 5d 7d
Data Ascii: {"t":{"t":"17324440191471823","r":33},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.5 | 50043 | 13.232.67.199 | 443 | 6220 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:27:07 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/036a7bb6-e9ab-4003-820d-512fa1b48707/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=7cb6273b-9aee-4659-b8d3-39f4cff22a24&tt=0&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:27:08 UTC | 277 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:27:08 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:27:08 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 32 34 34 34 30 31 39 31 34 37 31 38 32 33 22 2c 22 72 22 3a 33 33 7d 2c 22 6d 22 3a 5b 5d 7d
Data Ascii: {"t":{"t":"17324440191471823","r":33},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port
33 | 192.168.2.5 | 50056 | 13.232.67.199 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:27:10 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=025e58c1-51ad-4981-aee3-45a08882b1fd&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Host: ps.pndsn.com
2024-11-24 10:27:10 UTC | 242 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:27:10 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:27:10 UTC | 19 | IN | Data Raw: 5b 31 37 33 32 34 34 34 30 33 30 36 31 34 35 38 30 37 5d
Data Ascii: [17324440306145807]


Session ID | Source IP | Source Port | Destination IP | Destination Port
34 | 192.168.2.5 | 50058 | 13.232.67.199 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-24 10:27:10 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/036a7bb6-e9ab-4003-820d-512fa1b48707/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=30375e3f-fc42-4065-9040-b7e8eb57771a&tr=33&tt=17324440191471823&uuid=036a7bb6-e9ab-4003-820d-512fa1b48707 HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-11-24 10:27:11 UTC | 279 | IN | HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:27:11 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 1879
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
2024-11-24 10:27:11 UTC | 1879 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 33 32 34 34 34 30 32 38 34 33 32 37 31 30 34 22 2c 22 72 22 3a 33 33 7d 2c 22 6d 22 3a 5b 7b 22 61 22 3a 22 32 22 2c 22 66 22 3a 30 2c 22 69 22 3a 22 30 39 36 30 61 34 30 63 2d 39 34 66 30 2d 34 30 66 61 2d 61 31 64 35 2d 36 30 61 32 31 33 62 63 33 34 65 64 22 2c 22 70 22 3a 7b 22 74 22 3a 22 31 37 33 32 34 34 34 30 32 38 34 33 32 37 31 30 34 22 2c 22 72 22 3a 34 32 7d 2c 22 6b 22 3a 22 73 75 62 2d 63 2d 61 30 32 63 65 63 61 38 2d 61 39 35 38 2d 31 31 65 35 2d 62 64 38 63 2d 30 36 31 39 66 38 39 34 35 61 34 66 22 2c 22 63 22 3a 22 30 33 36 61 37 62 62 36 2d 65 39 61 62 2d 34 30 30 33 2d 38 32 30 64 2d 35 31 32 66 61 31 62 34 38 37 30 37 22 2c 22 64 22 3a 7b 22 43 6f 6d 6d 61 6e 64 49 64 22 3a 22 62 37 63 35 65 32 64
Data Ascii: {"t":{"t":"17324440284327104","r":33},"m":[{"a":"2","f":0,"i":"0960a40c-94f0-40fa-a1d5-60a213bc34ed","p":{"t":"17324440284327104","r":42},"k":"sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f","c":"036a7bb6-e9ab-4003-820d-512fa1b48707","d":{"CommandId":"b7c5e2d



Target ID: 0
Start time: 05:24:59
Start date: 24/11/2024
Path: C:\Windows\System32\msiexec.exe
Wow64 process (32bit): false
Commandline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\ListaItensVistoriaCorpodeBombeirosObrigatorio.msi"
Imagebase: 0x7ff6d0b80000
File size: 69'632 bytes
MD5 hash: E5DA170027542E25EDE42FC54C929077
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

                                                                                                                                                                                                                                                                                                  Target ID:1
                                                                                                                                                                                                                                                                                                  Start time:05:24:59
                                                                                                                                                                                                                                                                                                  Start date:24/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff6d0b80000
                                                                                                                                                                                                                                                                                                  File size:69'632 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                                  Target ID:3
                                                                                                                                                                                                                                                                                                  Start time:05:25:00
                                                                                                                                                                                                                                                                                                  Start date:24/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 399844DB614D5E1E27E49AAF003F570D
                                                                                                                                                                                                                                                                                                  Imagebase:0x9a0000
                                                                                                                                                                                                                                                                                                  File size:59'904 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:4
                                                                                                                                                                                                                                                                                                  Start time:05:25:00
                                                                                                                                                                                                                                                                                                  Start date:24/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:rundll32.exe "C:\Windows\Installer\MSIE1AC.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4710906 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                                                                                                                                                                                                                                                                                                  Imagebase:0x4c0000
                                                                                                                                                                                                                                                                                                  File size:61'440 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000004.00000003.2048777891.00000000045AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:5
                                                                                                                                                                                                                                                                                                  Start time:05:25:00
                                                                                                                                                                                                                                                                                                  Start date:24/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:rundll32.exe "C:\Windows\Installer\MSIE3EF.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4711453 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                                                                                                                                                                                                                                                                                                  Imagebase:0x4c0000
                                                                                                                                                                                                                                                                                                  File size:61'440 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000005.00000003.2059724248.00000000041B7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000005.00000002.2111430509.00000000042E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000005.00000002.2111430509.0000000004384000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:6
                                                                                                                                                                                                                                                                                                  Start time:05:25:07
                                                                                                                                                                                                                                                                                                  Start date:24/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:rundll32.exe "C:\Windows\Installer\MSIFDA2.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4718015 11 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                                                                                                                                                                                                                                                                                                  Imagebase:0x4c0000
                                                                                                                                                                                                                                                                                                  File size:61'440 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000006.00000003.2119989843.0000000004B2C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:7
                                                                                                                                                                                                                                                                                                  Start time:05:25:08
                                                                                                                                                                                                                                                                                                  Start date:24/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 04E8F29C9872C7FAF44877CCF53966A9 E Global\MSI0000
                                                                                                                                                                                                                                                                                                  Imagebase:0x9a0000
                                                                                                                                                                                                                                                                                                  File size:59'904 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:8
                                                                                                                                                                                                                                                                                                  Start time:05:25:08
                                                                                                                                                                                                                                                                                                  Start date:24/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\net.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:"NET" STOP AteraAgent
                                                                                                                                                                                                                                                                                                  Imagebase:0x930000
                                                                                                                                                                                                                                                                                                  File size:47'104 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:31890A7DE89936F922D44D677F681A7F
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:9
                                                                                                                                                                                                                                                                                                  Start time:05:25:08
                                                                                                                                                                                                                                                                                                  Start date:24/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:10
                                                                                                                                                                                                                                                                                                  Start time:05:25:08
                                                                                                                                                                                                                                                                                                  Start date:24/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\net1.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\net1 STOP AteraAgent
                                                                                                                                                                                                                                                                                                  Imagebase:0x900000
                                                                                                                                                                                                                                                                                                  File size:139'776 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:2EFE6ED4C294AB8A39EB59C80813FEC1
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:11
                                                                                                                                                                                                                                                                                                  Start time:05:25:08
                                                                                                                                                                                                                                                                                                  Start date:24/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:"TaskKill.exe" /f /im AteraAgent.exe
                                                                                                                                                                                                                                                                                                  Imagebase:0xf10000
                                                                                                                                                                                                                                                                                                  File size:74'240 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:12
                                                                                                                                                                                                                                                                                                  Start time:05:25:08
                                                                                                                                                                                                                                                                                                  Start date:24/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:13
                                                                                                                                                                                                                                                                                                  Start time:05:25:09
                                                                                                                                                                                                                                                                                                  Start date:24/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="comunicado@gestorempresas.digital" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q3000006YrPqIAK" /AgentId="036a7bb6-e9ab-4003-820d-512fa1b48707"
                                                                                                                                                                                                                                                                                                  Imagebase:0x1a3ff0a0000
                                                                                                                                                                                                                                                                                                  File size:145'968 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:477293F80461713D51A98A24023D45E8
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2191000127.000001A381A5C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2191000127.000001A381A99000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2191000127.000001A3819D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                                                                                  • Detection: 26%, ReversingLabs
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:14
                                                                                                                                                                                                                                                                                                  Start time:05:25:14
                                                                                                                                                                                                                                                                                                  Start date:24/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                                                                                                                                                                                                                                                                                                  Imagebase:0x1dd52410000
                                                                                                                                                                                                                                                                                                  File size:145'968 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:477293F80461713D51A98A24023D45E8
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                                  Target ID:15
                                                                                                                                                                                                                                                                                                  Start time:05:25:14
                                                                                                                                                                                                                                                                                                  Start date:24/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\sc.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:"C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff722f20000
                                                                                                                                                                                                                                                                                                  File size:72'192 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:16
                                                                                                                                                                                                                                                                                                  Start time:05:25:14
                                                                                                                                                                                                                                                                                                  Start date:24/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:18
                                                                                                                                                                                                                                                                                                  Start time:05:25:15
                                                                                                                                                                                                                                                                                                  Start date:24/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                  Commandline:rundll32.exe "C:\Windows\Installer\MSI1EAC.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4726484 33 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                                                                                                                                                                                                                                                                                                  Imagebase:0x4c0000
                                                                                                                                                                                                                                                                                                  File size:61'440 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000012.00000002.2267776351.0000000004534000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000012.00000003.2204528451.000000000409F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000012.00000002.2267776351.0000000004491000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Has exited:true

Target ID:19
Start time:05:25:32
Start date:24/11/2024
Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 036a7bb6-e9ab-4003-820d-512fa1b48707 "947f5ffd-2187-4fed-88a8-f6375fd81e42" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q3000006YrPqIAK
Imagebase:0x1c717170000
File size:177'704 bytes
MD5 hash:FD9DF72620BCA7C4D48BC105C89DFFD2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2404938778.000001C717300000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000000.2365900358.000001C717172000.00000002.00000001.01000000.00000016.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2405596328.000001C717580000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2405538328.000001C717522000.00000002.00000001.01000000.00000018.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2404938778.000001C717391000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2405717306.000001C717BB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2405717306.000001C717C23000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2404938778.000001C71730C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2404938778.000001C717344000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2405717306.000001C717C33000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
• Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
Antivirus matches:
• Detection: 0%, ReversingLabs
Has exited:true

Target ID:20
Start time:05:25:32
Start date:24/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:05:26:21
Start date:24/11/2024
Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 036a7bb6-e9ab-4003-820d-512fa1b48707 "d33bc958-4922-4182-b68f-3483e8de9f0d" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q3000006YrPqIAK
Imagebase:0x281d8690000
File size:177'704 bytes
MD5 hash:FD9DF72620BCA7C4D48BC105C89DFFD2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2889283175.00000281D881B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2890703080.00000281D9151000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2890019298.00000281D8BA0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2889283175.00000281D87E0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2889283175.00000281D87E9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2889283175.00000281D8825000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2890703080.00000281D920F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2890703080.00000281D9197000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2890703080.00000281D91D3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2890703080.00000281D91C3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2889283175.00000281D8869000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2890146542.00000281D8FF9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:23
Start time:05:26:21
Start date:24/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:05:26:36
Start date:24/11/2024
Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 036a7bb6-e9ab-4003-820d-512fa1b48707 "74b28cea-d314-412b-b1ac-0c6c5fd129c1" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q3000006YrPqIAK
Imagebase:0x1a0da800000
File size:177'704 bytes
MD5 hash:FD9DF72620BCA7C4D48BC105C89DFFD2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.3042477973.000001A0DA9DB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.3042477973.000001A0DA9BB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.3043333128.000001A0DB1DF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.3043333128.000001A0DB121000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.3043122159.000001A0DAC00000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.3042337428.000001A0DA9A0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.3042879015.000001A0DAA5B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.3043333128.000001A0DB193000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.3043333128.000001A0DB167000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.3043333128.000001A0DB1A3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.3042477973.000001A0DAA23000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.3042337428.000001A0DA9A8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                  Target ID:25
                                                                                                                                                                                                                                                                                                  Start time:05:26:36
                                                                                                                                                                                                                                                                                                  Start date:24/11/2024
                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 67E092B0D09209CF87C4EFB995415AA7FF2BA5920472082EEC44CD7310E73386038B91
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.2049652179.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6b30000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: cc71a20b1d9efba8fe4f309c75ec62e7ebd0bcc064e08ae6c9db4b147f223e26
                                                                                                                                                                                                                                                                                                    • Instruction ID: cab97dd66854d7f27bc570243018f11b3e96f58fda232239ce2af2c74c2717f6
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cc71a20b1d9efba8fe4f309c75ec62e7ebd0bcc064e08ae6c9db4b147f223e26
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B9512271B052218FCB50CB68D890A6EBBF1FF45314B2691E6E618DB362DA31DE42C781
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.2049652179.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6b30000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: def742cbbe651ac776414b3058d6fe325a62bbf7f0d581f76146b570560e141b
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7fb49cc06388c1876f5e59cfc48c358e7228c11031a88cbf76c1aa0d856c694e
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: def742cbbe651ac776414b3058d6fe325a62bbf7f0d581f76146b570560e141b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43411879B102189FCB94DF68D99099EBBB2FF8C310B10816AE905EB361DB31DD41CB90
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.2049652179.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6b30000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: df0c350d98bdbd4f0f06e5a0cad3419337fce2569992cd02fb8aad59da9fa571
                                                                                                                                                                                                                                                                                                    • Instruction ID: 18e8b53ed0f1633a6bdf663468c9b363571d604b790aa356248646b5bf56750d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: df0c350d98bdbd4f0f06e5a0cad3419337fce2569992cd02fb8aad59da9fa571
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 152135B2F453396FD3C526B838543EA3F59CF42260F1194E3E9189B251D938C98A93A1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.2049652179.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6b30000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 6bff50363538101da7a72546afbee39216e3f5637da5f43d68265b7bdda76dd9
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8064c5e35a57a632590e377e83dce9ba47d1bed5fe5202ee19393e83bdf7103c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6bff50363538101da7a72546afbee39216e3f5637da5f43d68265b7bdda76dd9
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4B2128B2B002749BDB449E7D98906EE7BABDF84204F0490B6C906DB341EA35CD0AD790
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.2049652179.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6b30000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: bdb8e9717de1c8db19dbaadf8beda69f1db0f969e8a2c9850ff2f6850f514eff
                                                                                                                                                                                                                                                                                                    • Instruction ID: d831d3c655a8f5f1f61cecfb205270c5eea7701fe5eacef25797a95a55d4a5eb
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bdb8e9717de1c8db19dbaadf8beda69f1db0f969e8a2c9850ff2f6850f514eff
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 25211A75F102189FCB94DF79D88599EBBB6EF8C710F10816AE815EB320DB319941CBA0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.2049652179.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6b30000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 118b6e433a57689efdce8952a831e9d46b3872dc64e33caa25f4bfdd0dddd722
                                                                                                                                                                                                                                                                                                    • Instruction ID: 414247c63b64be13d789e17252e0bdd03bb988d43c9d8e4880b79235c281ab92
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 118b6e433a57689efdce8952a831e9d46b3872dc64e33caa25f4bfdd0dddd722
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B119D75600254FFCB44CFA4E454AE9BFB7EF8C320F148059E80AA7341CA799C45DBA0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.2049652179.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6b30000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 199cba44f5420c9117d7476fa674a081a0041ddea0632b0bf18a118f0bd368dd
                                                                                                                                                                                                                                                                                                    • Instruction ID: 922211b0c8b60599b339c78c15805f4bb924b1070ba422194a8132086bcd9bdc
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 199cba44f5420c9117d7476fa674a081a0041ddea0632b0bf18a118f0bd368dd
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B9F090B0B05346AACB4C9F7A70653697FABEFC55147050DAEC50A8F542ED248800EBD0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.2049652179.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6b30000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 5eb5f9837097770627704a2085038abff037da57f7974fa35d929c4006bc7dd2
                                                                                                                                                                                                                                                                                                    • Instruction ID: 270eef869480c1e2a530bb8a6d2080850ebd8687424b6627d8c2530c384fb032
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5eb5f9837097770627704a2085038abff037da57f7974fa35d929c4006bc7dd2
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E1E092B0B2433817EBF82578591076636CE8F41704F001CB9C841CB681F8F0EA4013E1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.2049652179.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6b30000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: ff5d890e16643660f85606d45d70869f5a7175e3b98f48b17750c3589af02935
                                                                                                                                                                                                                                                                                                    • Instruction ID: e724986d807ccbf12b41659506f8b0ba108883baf04b5fba0ebb64075eeb9b69
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ff5d890e16643660f85606d45d70869f5a7175e3b98f48b17750c3589af02935
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ACE0E536F101148BCF089A68E4184FDB7B7DBC8221B11803AD902B3340EF301D0DCB90
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.2049652179.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6b30000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: dab472a79927ad8c90464016ec13a7c639b5a9220c885facc73201dd2adbc15a
                                                                                                                                                                                                                                                                                                    • Instruction ID: 907738434b8ffb765778f37120231db6a76bc772b56da1b2c327f4e8b2f5cb5c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dab472a79927ad8c90464016ec13a7c639b5a9220c885facc73201dd2adbc15a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B8E0CD715053104ED34EABF478955D43FA3DF92508317A897D1119F212DE11998C53D2
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.2049652179.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6b30000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 74b2cc0d311017e9eb3f29144e68855d1f64433260f7b2bf6613c71667805b0c
                                                                                                                                                                                                                                                                                                    • Instruction ID: 697bd9356687289bf88da2690a3812d3bf68617cd946a22870530ec18df9f738
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 74b2cc0d311017e9eb3f29144e68855d1f64433260f7b2bf6613c71667805b0c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F0E0C2736182542FC3461B24AC514A97FB9AA1A12131440A3E440C7362D9624D05C3A1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.2049652179.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6b30000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 0816f5d09d50f4c9374fc10b61d177a155fe0cb3f26ae2a27e9c74cc5845bd0e
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8648e9548800c9aa29319fd8667b1fc1e198d9d5b01b0cd26152c3d399fc0440
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0816f5d09d50f4c9374fc10b61d177a155fe0cb3f26ae2a27e9c74cc5845bd0e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BDE0ECB0D002099F8780EFB9850156ABBF5AB48204B1085A98408D7201FA3296028B91
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.2049652179.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6b30000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: fa38d532f9df58d5bd9330bf8237915b529b7a4fa4682ec830037c11d6902522
                                                                                                                                                                                                                                                                                                    • Instruction ID: 297d3d4627a2a389f7c45e50b25b3fe117564b4f9995b93c7ce126f0eb106f63
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fa38d532f9df58d5bd9330bf8237915b529b7a4fa4682ec830037c11d6902522
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 60D0A7723101287B93486A18D8C687A7BAEEB883603508873FD0293310CD716C4193D9
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.2049652179.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6b30000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: bc89e165e2eceb02deb7e01e559b26d56a05096ce1dbd29e32c95174e04c8a9c
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2c6fcc7366d2d2bf325b70d6a86a73daa436029646ec7bf9123765b7def59229
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bc89e165e2eceb02deb7e01e559b26d56a05096ce1dbd29e32c95174e04c8a9c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 52C08CF2E142208BD108C54885802E7B321FF30A0AB8482A6C44508000B2320063F0E0
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109599408.0000000006720000.00000040.00000800.00020000.00000000.sdmp, Offset: 06720000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6720000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: Plsq$Plsq$Plsq$Plsq$Plsq$Xwq$x xq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1348191398
                                                                                                                                                                                                                                                                                                    • Opcode ID: c809109449fad6f2dbad71071f5a598c9f8eefbed7832d65bb10c8ec268154b2
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2975bd36752cc590b4cc21f5b61c60b5cd5ef516579247f2a2300c362d16e7e4
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c809109449fad6f2dbad71071f5a598c9f8eefbed7832d65bb10c8ec268154b2
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3ED28534A00616CFCB58DF69C994AAEBBF2FF89300F1584A9E4459B361DB31ED45CB90
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109599408.0000000006720000.00000040.00000800.00020000.00000000.sdmp, Offset: 06720000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6720000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: \;sq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2880507624
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9657c26fd16a58d18f5e44d6107076dd3e78bea12516617e30588dcec131a381
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0a58c218635d2a3834bd269ea11182f3f27d6733caeca3b5922b4234691b6a91
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9657c26fd16a58d18f5e44d6107076dd3e78bea12516617e30588dcec131a381
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 18227030E1061ACFDB54DF78C8446ADBBB2FF85300F1192A9D945AB351EB74E985CB90
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: uq$$&tq$(_sq$4'sq$4'sq$4'sq$4'sq$4csq$4csq$@bsq$|-tq$$sq$$sq$csq$csq$uq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3954738323
                                                                                                                                                                                                                                                                                                    • Opcode ID: 11551e404a1d0aa4b81c1a8b13e0b35fc080d745231a76ba692fb67f2fc495e5
                                                                                                                                                                                                                                                                                                    • Instruction ID: 80275ef96d8d709ee95481de1450130a1e8f8bb28fdda455e72204ad8e1f459c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 11551e404a1d0aa4b81c1a8b13e0b35fc080d745231a76ba692fb67f2fc495e5
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2FA2F57090025C9FCB259FA0C891AEEBBB2FF89300F1055EAD5096B290DF759E85DF91
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: uq$$&tq$(_sq$4'sq$4'sq$4'sq$4'sq$4csq$4csq$@bsq$|-tq$$sq$$sq$csq$csq$uq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3954738323
                                                                                                                                                                                                                                                                                                    • Opcode ID: ac0440e34de8ab4f4b60f7e991893d86f21c501fad7d7172d268f18a9ab86c97
                                                                                                                                                                                                                                                                                                    • Instruction ID: 512036b355ba79f0b1331490289b02b94e25e57403a404645c1c13278d418b32
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ac0440e34de8ab4f4b60f7e991893d86f21c501fad7d7172d268f18a9ab86c97
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7992E37090021C9FDB259FA0C895AEEBBB2FF89300F1055EAD5096B290DF755E85DF81
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (wq$\;sq$|rq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-31320200
                                                                                                                                                                                                                                                                                                    • Opcode ID: 975d7772605e66d5ee52f0d0f2b7b1b368679b988d245ea57d6832a2b64cf55a
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2610ed39bff095c9c63e08fddeea2045bd84c6a71513067ad1836d14ada47194
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 975d7772605e66d5ee52f0d0f2b7b1b368679b988d245ea57d6832a2b64cf55a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F161D5B5F181165FDB58AA7AC85067FFBABAFC4350B14802AD906DB394DE34DC0287E1
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (wq$(wq$(wq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3966564304
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9a3422755adc5897262e9a22389821f3906efa0b3771b8ac59c8300371a187c4
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6914c594ccc2f9c7c5d35d85ecba3435e6fbb1549481efd5e421667c3862a747
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9a3422755adc5897262e9a22389821f3906efa0b3771b8ac59c8300371a187c4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A451CF31B041148FDB54EF7DD494AAEBBE6EF8475075540AAE909CB361DE30EC01CB95
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (wq$d
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2709439444
                                                                                                                                                                                                                                                                                                    • Opcode ID: c174f76f3ff4dc1f5a9e3b13c8d160261c2f8d465cf5f9528dc49aadf0749fef
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7baa300872ec954631c4a30bf899f0b02abd09cb9fa60d08edd861e1dc91e55e
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c174f76f3ff4dc1f5a9e3b13c8d160261c2f8d465cf5f9528dc49aadf0749fef
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 84026874A006058FC754DF59C480A6ABBF2FF89314B25CA6DD46A9B765DB30FC42CB90
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • KiUserExceptionDispatcher.NTDLL ref: 06729FF8
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109599408.0000000006720000.00000040.00000800.00020000.00000000.sdmp, Offset: 06720000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6720000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 6842923-0
                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                    • KiUserExceptionDispatcher.NTDLL ref: 06729FF8
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109599408.0000000006720000.00000040.00000800.00020000.00000000.sdmp, Offset: 06720000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6720000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID: 6842923-0
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: QOl^
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1149416233
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (wq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1062398946
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: QOl^
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1149416233
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (wq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1062398946
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (wq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1062398946
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (wq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1062398946
                                                                                                                                                                                                                                                                                                    • Opcode ID: a7ceabaa6fa9c992d4df048bf702c49def7f0e1bf12209393dc823f361b00562
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0ebcf118be3b2695351f33e4872992708902b3aebce3d1a2988a56da3958a57e
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a7ceabaa6fa9c992d4df048bf702c49def7f0e1bf12209393dc823f361b00562
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2751F130B04254AFEB85AF78D8587AEBFB2EF89314F14446AD546AB381CE385C85C791
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (wq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1062398946
                                                                                                                                                                                                                                                                                                    • Opcode ID: e94f6afc52696c9af78214330fbe32d98b824ff9b69409f29ff9c009388e7e97
                                                                                                                                                                                                                                                                                                    • Instruction ID: 611b49c17fac8b065e5bc305d2e8c1885a3fba6f66dac0e4a574fe5af9b54fd8
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e94f6afc52696c9af78214330fbe32d98b824ff9b69409f29ff9c009388e7e97
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 95411635B401155BEB98BB68D86476EBB9BDFC4300F20442DE906AB380CE349D46C7D9
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (wq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1062398946
                                                                                                                                                                                                                                                                                                    • Opcode ID: 0cce79914cb71e682b291b7b91f6a441351c791c763231ed4106834ea5c16301
                                                                                                                                                                                                                                                                                                    • Instruction ID: 69832ad7f21232ceabe40d6ab5ac8ee67d4cb45bbda4cbcfbd399384085435be
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0cce79914cb71e682b291b7b91f6a441351c791c763231ed4106834ea5c16301
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2851C231704A418FC769DB29D494A6ABBE7EFC5310B08DA6DD54A8B761CE34EC42CB90
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (Axq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-4118678894
                                                                                                                                                                                                                                                                                                    • Opcode ID: c3aa2e54d7fb489e89cc0dd1749fa03fc0af42e3824f9b57e500bdcd491f20a0
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2235f9d0a206576af5cf6b5ef450a0b37f5fab63c2799c8d763e29b1e5ff2927
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c3aa2e54d7fb489e89cc0dd1749fa03fc0af42e3824f9b57e500bdcd491f20a0
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 97416F70F102159FDB98EF65D854AAEBBB6BF88200F144529E916AB350EF319C01CF91
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (wq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1062398946
                                                                                                                                                                                                                                                                                                    • Opcode ID: e9ca78955fceb0e899a4e1d2b48ba915259717cd4bb93640b84250ef1d25ea81
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7986b6245e740b6f6410c7c263e6f8baaeaa7534531caef96caa1085861739c0
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e9ca78955fceb0e899a4e1d2b48ba915259717cd4bb93640b84250ef1d25ea81
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4431E134B102158FDB48AA7ED4949BEBBA7FFC46507144479E906CB390DF32DC028BA1
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (wq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1062398946
                                                                                                                                                                                                                                                                                                    • Opcode ID: 279e7e7fba3ab508a84ef5d637e75617239ea30a7b066276191b0f3c1cb94a0c
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4ce18b53c2c72e0218d2b0b2b3100748c9483c22b1549a2e947f826c5fe9e892
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 279e7e7fba3ab508a84ef5d637e75617239ea30a7b066276191b0f3c1cb94a0c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AB416834B006058FDB94EF59C480A6AFBF6FF89314B15896DD85AAB351CB34E841CF94
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (wq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1062398946
                                                                                                                                                                                                                                                                                                    • Opcode ID: 56e8e440eebfac9a0b27f0d117af6aa5be1192b5d68c46a7a5ff0b594eaaa379
                                                                                                                                                                                                                                                                                                    • Instruction ID: 5286e5ab70cde31c05617c730dae561ffb966b3049ee5d123102cf0de0bcc586
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 56e8e440eebfac9a0b27f0d117af6aa5be1192b5d68c46a7a5ff0b594eaaa379
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 502135347052446FCB44EB6DD84096A7BEBEFCA31075484AAF509CB311DE31EC02CBA1
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: 4'sq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1075809040
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: LRsq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3165563352
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: LRsq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3165563352
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: \;sq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2880507624
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: LRsq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3165563352
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: fxq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-231241188
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: fxq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-231241188
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (wq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1062398946
Strings
Memory Dump Source
• Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D251F574E10209ABCB44EBE4EC98AAEBB73EF88310F50545DE61267390CF352961DF65
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: d783059349e8a1a0e2cade0275d8a5f7572fc78fcf50b441ca10acae3b50440a
                                                                                                                                                                                                                                                                                                    • Instruction ID: aa977de5a5bf9bb74d66f7fd7cb30d48796d60adbd67587a78b0e8db3b1a6009
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d783059349e8a1a0e2cade0275d8a5f7572fc78fcf50b441ca10acae3b50440a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EB515C70B002068FCB54EF69C994AAEBBF2FF89310B258569E405DB391DB30ED41CB91
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: f79c0b83dc0ffd4cfc3547ce21e82c435ae7aff5b4af5fe5c4c1072d08ab8bdc
                                                                                                                                                                                                                                                                                                    • Instruction ID: 759b7e7206088646ea7da4f9175e251da2cf3ec2372b54eb95dc0b70a900ce4f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f79c0b83dc0ffd4cfc3547ce21e82c435ae7aff5b4af5fe5c4c1072d08ab8bdc
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6141175241F3E15FD747AB3C98B14D63FB19E5321470A19C7D0C1CE1A3E928898DD3AA
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 5f6bd76a963199c2decca0e0217272dbe1a2f0770709c381fa86d0f44c50dc1f
                                                                                                                                                                                                                                                                                                    • Instruction ID: 06ab94e50077dd1be31d5d4654e65945a63d0205a6d66df07dcc2081504f3260
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5f6bd76a963199c2decca0e0217272dbe1a2f0770709c381fa86d0f44c50dc1f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA51F7747005069BCB4DEB28E5A456DB7A7EFC4300B40DA2CE4069B344EF70AD4A9FD1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 0758e3595198c4170563fb5535eb16a2fb6d164eab2506bb2574550dee51cc57
                                                                                                                                                                                                                                                                                                    • Instruction ID: a8aea07b72bc9c050b6bb45a9caaf18574e9dd65d129941ba6851faf7ee1a72f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0758e3595198c4170563fb5535eb16a2fb6d164eab2506bb2574550dee51cc57
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9051E8747101069BCB4DEB28E59456DB7A7EFC4300B40DA2CE8069B344EF70AD5A9FD1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 4add5ecd92c1471ad118e7bd62d344ea4510f5b11b8ca1bc00cddd4a0ae96190
                                                                                                                                                                                                                                                                                                    • Instruction ID: 016508d166e8560a6ac58c48027bbf50608ba6d5e846a7e640024d39a5f1cf3c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4add5ecd92c1471ad118e7bd62d344ea4510f5b11b8ca1bc00cddd4a0ae96190
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C141B27150A3818FD706DB34ECA59967FB5EF8320470A50D7D480CF2A3EA349946C792
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 2c8ab1afd6c1c3550f0a175a5689858d047d9b1e3e8bfe51b5e60440bcb1aae3
                                                                                                                                                                                                                                                                                                    • Instruction ID: d88de925fc7277db1dc97c857579578c1c5b218ffb38fd41d5d6c0103f322310
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2c8ab1afd6c1c3550f0a175a5689858d047d9b1e3e8bfe51b5e60440bcb1aae3
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3251F474E102099BCB44EBE4E8986AEBB73EF88310F50541DE60667390CF352961DF66
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 5cf57f2784c6973002bd8c232261d92aac3de2aef337b8b331b57df126b18558
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8007c5c818335b726cc70d88a95081c93bcc214da6b5c0c4083327265fe198ad
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5cf57f2784c6973002bd8c232261d92aac3de2aef337b8b331b57df126b18558
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9741D37190A3918FD706EB34ECA59967FB5EF83310B0950D7D481CF2A3EA34894AC792
Memory Dump Source
• Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: c3e9896498ba6e70a33bb3bebe0b983de601b1dbdc1f343f5fcf509f26aa6538
                                                                                                                                                                                                                                                                                                    • Instruction ID: f4a29855bc35ff92ac4a8ea36ed4363dd5886c431d937761055e413b18de76f4
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c3e9896498ba6e70a33bb3bebe0b983de601b1dbdc1f343f5fcf509f26aa6538
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8341D270B042918FCB15DB39D8949AEBFF7AFC5200F045599E146CB3A2DB34D906CB91
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 2d630ec045e1e812cd0fb099d0b6c98ce16085c78bc79faaa4e41f1e6142f604
                                                                                                                                                                                                                                                                                                    • Instruction ID: b1df267a93f41f8ea52414cba54fd294f87d5208421f672be48325c10caaa514
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2d630ec045e1e812cd0fb099d0b6c98ce16085c78bc79faaa4e41f1e6142f604
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD41A031F006099FCB58EBB9D4546AEBBF7BF88700B248429D416E7381DF719C058BA1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: b81dcd7c9d095e223d1af6012056b62f28c57bc6bb62a9ae45c626a90374fe45
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2284d67f48b1d68ce6f58e818f3d679d5b0fd2a41371d36fcc9131c17caedd27
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b81dcd7c9d095e223d1af6012056b62f28c57bc6bb62a9ae45c626a90374fe45
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D7417C75E012499FCB15DFA9D5909DEBBB2FF89300F248059E801AB361DB30ED46CB90
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 36294619dffa8aa5e1fa11c5b6ef0016f663ac2df8c5d47a2a5941f5513882b0
                                                                                                                                                                                                                                                                                                    • Instruction ID: f3859d0010a0a26289214db967d069c85fa6707e406053d84a9a15cdb5caca4f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 36294619dffa8aa5e1fa11c5b6ef0016f663ac2df8c5d47a2a5941f5513882b0
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 02316C357053466FCB997F78B86122DBFA9DFC2350B15446BE904CF296DA248D82C3E4
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 638265ac8454748004ae9eb465b074e0c95b78139d4bc4f231ea0a98d1b5e17b
                                                                                                                                                                                                                                                                                                    • Instruction ID: eab93da85070d84925044140c7fadced11a318012721746dabd246a6de28c367
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 638265ac8454748004ae9eb465b074e0c95b78139d4bc4f231ea0a98d1b5e17b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5F41BA30A046558FCB54DF28D8989BEBFFBAFC9200B044469E14AC7362DA34AD05CBA1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 91348f488586524b92f5e8080b488d748b643b942db1f48e021d44c4c415bca9
                                                                                                                                                                                                                                                                                                    • Instruction ID: a51464b5513aad6ef929e285db28456bab5d1531b7b301482e30b08ae1d39882
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 91348f488586524b92f5e8080b488d748b643b942db1f48e021d44c4c415bca9
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74410875B10118DFCB95EF68D89499EBBB6FF88710B108169E905EB360DB31DD41CB90
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 40ac83d1f7c3e3c0e23b551bc1ba831ac6129e73c9e14dc96e31bc837ede6d44
                                                                                                                                                                                                                                                                                                    • Instruction ID: 53de8ee37259a417b6263483bb8ea8d51d40a4636ca73e38588224239080c917
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 40ac83d1f7c3e3c0e23b551bc1ba831ac6129e73c9e14dc96e31bc837ede6d44
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D641CB30A046558FCB54DB28D888A7EBBF7AFC9200B04446DE24AC7362DB74EC05CB91
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 2d8f948d726e4520bcfeaf99823b40e758c60846e4a2c9b18b770cb38900b0d1
                                                                                                                                                                                                                                                                                                    • Instruction ID: 450a72cf6de194513e46f9ec4172a67690f2838eb2b0d9541c5248e254a86d3c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2d8f948d726e4520bcfeaf99823b40e758c60846e4a2c9b18b770cb38900b0d1
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2A31AF36B001058FDB54DF6DD884AAEF7EAEF84211B18C17AD919C7351DB70E811CBA0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2110548329.00000000026DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 026DD000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_26dd000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 5b1868874f485bcf1f0192cfa28c0c3b76eddfb3b59e5513f3064a9ca99b0ac7
                                                                                                                                                                                                                                                                                                    • Instruction ID: 953acb2c425f441e839826dc58a19ef288695e38868dad98b7c1e05bd7e08488
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5b1868874f485bcf1f0192cfa28c0c3b76eddfb3b59e5513f3064a9ca99b0ac7
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 822137B6904248EFDB15EF14D9C0F26BF65FB88324F24C5A9E9090B356C336D456CBA2
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9b8af54bb5a185084eacfed4d08f0e5209b8cf9e916a4fb8c14436f70b7cee76
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6d46f15edaffd0d2b76b42f5dea3f32d410d8e3404e54569db36dec1831b935c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9b8af54bb5a185084eacfed4d08f0e5209b8cf9e916a4fb8c14436f70b7cee76
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 771182717142008FDB94DA2ED890A6FF7DAEFD9260714803F995ACB345EE72EC0183A4
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 751606c1ef6e4e1acff96a9d40b1dc42048d5ec11b83aa187146d023cb07ecd3
                                                                                                                                                                                                                                                                                                    • Instruction ID: e1cf8dab0653a24ac1207c64a322ba5dfd7ff5568ae3c6975cbf36e44b6028ee
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 751606c1ef6e4e1acff96a9d40b1dc42048d5ec11b83aa187146d023cb07ecd3
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2C114C20B253582BE7943239D85036E7FDE8F82354F00446EC981EB782ED94DC4143D9
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2110548329.00000000026DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 026DD000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_26dd000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 787bfd67dabeb1daf30098658a3c76a756b45c178d6f611ff90a561df72aa7ca
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0a200f1e15a05650a7cbd540185d24519f1b3c7c4c6939ca4aecabbaf681206b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 787bfd67dabeb1daf30098658a3c76a756b45c178d6f611ff90a561df72aa7ca
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C1019C3174C2A4AFD35A67B8881422D7F92CF9625471881DEC485CB796DF26DC03C7A1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 0bac4dc394ff29b8a4677a239c431b9a934a7879e6357cb2ee625c673c86a7a2
                                                                                                                                                                                                                                                                                                    • Instruction ID: ad2776bc66df9b025b56498d54791a51edcd42e946f84d604209bf67af12569d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0bac4dc394ff29b8a4677a239c431b9a934a7879e6357cb2ee625c673c86a7a2
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B311F4B5D04249CEDB10DFAAC981AAEFBF4FF88324F10841AD519A7240C7756945CFA1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 467ff498b47538ff9c66e227dd61581a75fce83a54bb6ab1d00ae012374b3f7f
                                                                                                                                                                                                                                                                                                    • Instruction ID: f7b5ce4757aeed82a1745910b513bb3e39eda365abb25c2080227898cf6a7274
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 467ff498b47538ff9c66e227dd61581a75fce83a54bb6ab1d00ae012374b3f7f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2011C431519381AFC706EB34E852699BFB1EF42300F2549DBE0819F293DA355E46CBD1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 73e22d05be46967a3ecfd9f8c046de0a120a00c6814efa8d1dfb694f695bfc6f
                                                                                                                                                                                                                                                                                                    • Instruction ID: ba52bdd3eacf9097bd52f97c1e270687323c1db3fd8f05dc2f00d8e9ee3894ae
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 73e22d05be46967a3ecfd9f8c046de0a120a00c6814efa8d1dfb694f695bfc6f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 23110075704114AFDB44DF58E458AA97BB6EF8C315F144419E419AB380CF796CC5CBD0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: d04de9ca5c19e4b8ee3c855fdbe9525b52fcdd64f4c0e3144478286814ec9417
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8f51e9813226f3a693c62162cfdc1178ec97854c034a026c26c94b73efe2e619
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d04de9ca5c19e4b8ee3c855fdbe9525b52fcdd64f4c0e3144478286814ec9417
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5401B570B193465FCB49EF78B569125BFA6EEC72483090CEAD509CF192E9248844C3D1
Memory Dump Source
• Source File: 00000005.00000002.2110548329.00000000026DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 026DD000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_26dd000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 61F090367095154FE7549A6DEC84A2FB7EBFBC4961314017AE509C3390DB61CC01C7E0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 3f09161428d66ad98f31286ccc1e79bd7ca2ed326d9e012c4fd506348a74b936
                                                                                                                                                                                                                                                                                                    • Instruction ID: 15ef87d87e7183b80749a623a4debc95a9c3b225c70f175fdebd535f25a934ef
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f09161428d66ad98f31286ccc1e79bd7ca2ed326d9e012c4fd506348a74b936
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CF0181717402015FD794DA5DD890B6BBBEDDF99360B14403EA859CB740EA71EC00C760
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2110548329.00000000026DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 026DD000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_26dd000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 1c46da9650f3f42e98d43f8fa3e1f248a7849eea4272ee39547f7e7ddebbc9ce
                                                                                                                                                                                                                                                                                                    • Instruction ID: 362f628445b41eb752a96fc9ff35fc1d12d3824203601e302e0f33419cebe0c2
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1c46da9650f3f42e98d43f8fa3e1f248a7849eea4272ee39547f7e7ddebbc9ce
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FD012BB2809388AAE7146E25CDC0B67BF98DF81334F58C51AED484B242C7789846C6F1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: a41ccc9a74cc35988e1d84745dfa1926eaa4d653ed3ae5d18759aff6b9819d5c
                                                                                                                                                                                                                                                                                                    • Instruction ID: d4f9d14618ad8c80ac38afe21a3dd9d12fe2d270eca46f347abdcb5c81bbafd3
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a41ccc9a74cc35988e1d84745dfa1926eaa4d653ed3ae5d18759aff6b9819d5c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B016D357002029BCB54EA6AD980A5EFBEAEFC8251B14813AD518CB354EB71E845CBA0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: d86f11fd5b6cac5a7553c3eba247c4ea3185b1efd506381bd90baaa111c5db23
                                                                                                                                                                                                                                                                                                    • Instruction ID: 91b5697fea6e46b21ee55d9aacd587dbd68fe75a493da66b262e915e349d3aed
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d86f11fd5b6cac5a7553c3eba247c4ea3185b1efd506381bd90baaa111c5db23
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DC018B71A101159BEB98EB68C9913BEBAA7AB88300F14802ED602A7385CE754C418BE5
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: d8565110d136a1049cb24151f23fcc8d70242f635d3c811f0f78cc2c256d9eae
                                                                                                                                                                                                                                                                                                    • Instruction ID: b6bca0bb523d1eab1db7e088b6bd013b45aaf22184822f92a7f93a0e9b1e709e
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d8565110d136a1049cb24151f23fcc8d70242f635d3c811f0f78cc2c256d9eae
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9201F270600A456FC358AB79D85466EBBDBEFC0320B40881DE10BCB640DFB5B8198BE5
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 2ea0171c002b88cfac66d1190d3a951b13392d9e09754969d1575b0e43ab6cee
                                                                                                                                                                                                                                                                                                    • Instruction ID: ab3a04de7d519bc5fa33c33b06e5b62bd5b41002f4ceaccd0ec661f3798ed20b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2ea0171c002b88cfac66d1190d3a951b13392d9e09754969d1575b0e43ab6cee
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 87010074D00209EFCB84EFA8D48169DBBB6EF84300F5095DD9409E7341DA315E459F55
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 868b5bc3a2215b67918478cbc8bc0a9ca5dab6a32eb43515cd9f67b9fc163b4b
                                                                                                                                                                                                                                                                                                    • Instruction ID: ee381d1b63e1b0f98a03d14c87483be40de029bf561812cba9fe70cb2d3aabcb
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 868b5bc3a2215b67918478cbc8bc0a9ca5dab6a32eb43515cd9f67b9fc163b4b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F8F0C270700A456BC398ABA9D85457EBAD7EBC4320780892DE10BCB740DFB5BC198BE5
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8737632a9dc109f64288c1c6f9fe335cec0ec97d8810787d7fadb7029914d72e
                                                                                                                                                                                                                                                                                                    • Instruction ID: 901a790257da7ca72dac42bf63b7b15930c10147a5e9ed81cf7658c12ccfecee
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8737632a9dc109f64288c1c6f9fe335cec0ec97d8810787d7fadb7029914d72e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 51F03A36A00616AFC755CF59D841E89FBFAFF8A210B15C0AAE548DB361E771E900CF90
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: d72a2869b916453aa87bca1242505960aee7b205c84047c71374ff44f61898d4
                                                                                                                                                                                                                                                                                                    • Instruction ID: f260f4e32185de97454638c0f23306d11af04f8a577d0e60ba0f7af5ae98d840
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d72a2869b916453aa87bca1242505960aee7b205c84047c71374ff44f61898d4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 86F05E70D0A34CAFCB44DBA8D891A9EBFF9DB55304B0040AAE404D7301DE345A15DB95
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: a24360fc5715bf426e37d7fcad1429d6a3af0d31c9bd0045bee9e44bf679270e
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9c924e54e05b7e2be416a24c50ce6e7ec03a10f55f035227e8ca55b6243a2616
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a24360fc5715bf426e37d7fcad1429d6a3af0d31c9bd0045bee9e44bf679270e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4FF065757102124BDB58EB7AE840466B7DBAFC82A4704D5B5D909CB360EE71DC42D790
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 047edf02416995a9974e57ae953bb236328ab0eaac7024da3118173742cfd1c9
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0fe8772158efc2cf3ac94ce52e8d1032df6280e51a76761ac77cae96271e6b49
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 047edf02416995a9974e57ae953bb236328ab0eaac7024da3118173742cfd1c9
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 86F02731600302B7C76DAE19D840B9EB7DDDBC2250F501639E0448BB40DE70E880C3C0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: d0d83e14377ba3416606880c3edd10ad5d024140516cc8e51bedd15d9b18381a
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0e62a8df4d6777766ca5cb43f37cac5f3c6575c9890df0f239d4132ec70bd21d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d0d83e14377ba3416606880c3edd10ad5d024140516cc8e51bedd15d9b18381a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0EF08971600A0557C295EE59D59161E77DAEFC4260740442DE50AC7300DF64A9458BA5
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: dd623e30b814442c4efcc8da19d59568b797a053dd0474f28994a2f561258539
                                                                                                                                                                                                                                                                                                    • Instruction ID: f637598338934733b4e2186b6295b7e4805c33bc08eedca47db3aa515d954710
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dd623e30b814442c4efcc8da19d59568b797a053dd0474f28994a2f561258539
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 59F0B8343042428FDB249B2CE890A6A7BE7DBC93107044829E08ACB320DF20E8429BA0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: f238530533d703f18ad0e5e8487f8f78f50357bc0ab4bda5e5878520577ee575
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6be660ba897cee27c437984261350402eeefef04ccdf0abb8ad28717a522492e
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f238530533d703f18ad0e5e8487f8f78f50357bc0ab4bda5e5878520577ee575
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B8F0C231100BA18EC3348F58E444796BFE5EF81718B10681DD0C647A51DBF5B584CB85
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 338972a072dad33fe1250d44b5463b9f2d924e6b8700de7a204216e46a33b4de
                                                                                                                                                                                                                                                                                                    • Instruction ID: d142b3f5cb4d66d73cd2dc9a709e8cfa861a3917790ca16396496ef838a4b173
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 338972a072dad33fe1250d44b5463b9f2d924e6b8700de7a204216e46a33b4de
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 99E02230200200A7C714AF28E15466EBBDBFBC1364F10281EE48683340DE7068828B90
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 2a494b7fa80b6b446de64707d5f218f254d43cda7e6ac6d39e63d2b43022f8d7
                                                                                                                                                                                                                                                                                                    • Instruction ID: 1a97a50a52626c65f64d6be4e905277b997cc7e2f476d5c1aa8ee4b8f31af9b9
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a494b7fa80b6b446de64707d5f218f254d43cda7e6ac6d39e63d2b43022f8d7
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4DE0C23030422687CB886AAAF4166B5FBE9DBC16A2B50186EE14ADB752D621E1618780
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: a555c4bd554ecdddd3d02833f5e9a848be91f6bcd7d3d5762fc8be2f8fbbc362
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0bc75bffbe0be158c146beaef4277e948fcc293705a3df350ae559a92fb0669b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a555c4bd554ecdddd3d02833f5e9a848be91f6bcd7d3d5762fc8be2f8fbbc362
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 58D0C9B050F3897FC752E6A49C02997BFADDE0760470542CAF8849B323C96A9D64D3F6
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 10af33d8f5c127d86ab5aa3f7c65056797f39d08583d6746f479c9295b2a24ca
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9e73a945827a405b23659edbfeccbf9e500d355bce19fe92ca37ca1b7af4e9bb
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 10af33d8f5c127d86ab5aa3f7c65056797f39d08583d6746f479c9295b2a24ca
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 14E0C231200704A7C3147B58F05456EBBDBFBC6764B40242DE54683700CE7178828BE5
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 1eb523df12cc4b8fd4f0201cb04ecd8da30571ca3f57938cea938d5a27e66041
                                                                                                                                                                                                                                                                                                    • Instruction ID: 15c9c3d7b68a1c930216baa3f7a16d2e9223b1255f9532126498d976b3bc2250
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1eb523df12cc4b8fd4f0201cb04ecd8da30571ca3f57938cea938d5a27e66041
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A7D0A736700564170744259E741443EF79FCBCAE71304002FE70AC3341CE555C1147E5
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 4293c90791f253c3643d86270ef51311a97194c5a7b2a2b6b5846f1be59371b2
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2f1e2dcac2f290586c51f78224512d04d89fccb3b037bc6ae55c9fc221fa8f92
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4293c90791f253c3643d86270ef51311a97194c5a7b2a2b6b5846f1be59371b2
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 16E0EC753042149FD754DF5CD880C91BBE9EF59354355819AE849CF312D722ED12CBA0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 605bcf694615aba91dd6356cad79ae36a5cadc66d171614f2d7ec423266d52b7
                                                                                                                                                                                                                                                                                                    • Instruction ID: 887baa9e9380e5b51c3415a54dfb3c3b75152e3f61ba0493895b933fc6f43780
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 605bcf694615aba91dd6356cad79ae36a5cadc66d171614f2d7ec423266d52b7
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FCD012300062924FDB49DF78D5B41A57FA69F81314F14188AC0C28E0A2D9386485D248
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    • Instruction ID: c6840a8b05196ed4d003922815271f05f64b4772398045af2b0d961c846b2e9d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 365588f1e2d32f5b82d867691368ffba9320209de10e389d7d329f6d70b4c75a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B6D01230714204CFCB88FBA5F555535B7AADB8861530488ACA90FCB342DF26F8138680
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 7344c169edbebf5449619ee0f58e6b44244b2adbfbc60578e11a920de79b8094
                                                                                                                                                                                                                                                                                                    • Instruction ID: 1092c15242a7e79ab9e81c3cd45a518d5659c9e0d92e9e0aab12b46f2f89cbfa
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7344c169edbebf5449619ee0f58e6b44244b2adbfbc60578e11a920de79b8094
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 49D0A92151D3C08FD30AA7544480094BB30BA32204388828BC0848D002E1294097C3A6
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (wq$,wq$,wq$Hwq$`]xq$`]xq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1563884988
                                                                                                                                                                                                                                                                                                    • Opcode ID: 42b06f42017a8180362983f514022ae15d07be483928c324939dabbb6a239283
                                                                                                                                                                                                                                                                                                    • Instruction ID: b592752063162b72f56e1504754311634d277fd597c491eaa5c2f9916a22d286
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 42b06f42017a8180362983f514022ae15d07be483928c324939dabbb6a239283
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F341E331F141189FDB98AB2DD45446D7BEAEFCA661324009AE206DF361CE319C428BE6
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.2109530681.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_6640000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (wq$(wq$(wq$Xwq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1075039065
                                                                                                                                                                                                                                                                                                    • Opcode ID: b0da486fcf30ca801499fc68b08b4f70ad6dd1bed4f7063c405695cf4743fe33
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9efa2dbef9523625d01459bd14934abedaf34fba16e4eaf6249568d1fae3fd13
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b0da486fcf30ca801499fc68b08b4f70ad6dd1bed4f7063c405695cf4743fe33
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 685117317087544FD359EB3CC49066EBBE6EFC5650B1848AED486CB7A2DE24EC06C791
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000003.2121547330.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_3_7130000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: \VEm
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1990433697
                                                                                                                                                                                                                                                                                                    • Opcode ID: 33b308b820c31f7eb3996f9984b62ca1f530dda60f62b70eb1eec9b92d9acfff
                                                                                                                                                                                                                                                                                                    • Instruction ID: e5284073f557b27a7313dbed03269b6a9373c6c031f05e5299e18d582730667c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 33b308b820c31f7eb3996f9984b62ca1f530dda60f62b70eb1eec9b92d9acfff
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4DB13EB0E0020ACFDB15CFB9C985BEDBBF2AF88714F248529D815E7294EB749855CB41
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000003.2121547330.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_3_7130000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: d82ff85dc0d7e707cf52d59f63d1aa62d9923a46d35bc5529509e5a8f83ec211
                                                                                                                                                                                                                                                                                                    • Instruction ID: a2b26b9707f69cd97f7c3b56b6e6503f41bca02458b500d6bd0b378ab036e605
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d82ff85dc0d7e707cf52d59f63d1aa62d9923a46d35bc5529509e5a8f83ec211
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9BB170B0E1020ACFDB10CFB8C98179DBBF7AF88B14F148529D819E7294EB749855CB91
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000003.2121547330.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_3_7130000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: \VEm$\VEm
                                                                                                                                                                                                                                                                                                    • API String ID: 0-551147438
                                                                                                                                                                                                                                                                                                    • Opcode ID: 153189db98c6721f655f7b4da4fef9301c1051d58b7149ad23c5922ee563f406
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6a238c97969b82639b518b0968027418163f5fae6c4865d4cda913e354f18add
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 153189db98c6721f655f7b4da4fef9301c1051d58b7149ad23c5922ee563f406
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A717CF0D0020ADFDB10CFB9C9857DEBBF6AF48714F148129E415AB294EB749855CB91
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000003.2121547330.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000003.2121547330.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_3_7130000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: \VEm
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1990433697
                                                                                                                                                                                                                                                                                                    • Opcode ID: 7b2271f7de079b1f729ce6d79da4eb1248af0f69aa297a4d45dd8abc6ed88f5b
                                                                                                                                                                                                                                                                                                    • Instruction ID: f2a5907bd26ec2b91edbff1245f97ebb6700ed0248e76b0d412ac874d4c0643f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7b2271f7de079b1f729ce6d79da4eb1248af0f69aa297a4d45dd8abc6ed88f5b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9BB13EB0E0020ACFDB15CFB9C985BDDBBF2AF48714F248129E815E7294EB749855CB91
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000003.2121547330.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_3_7130000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (wq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1062398946
                                                                                                                                                                                                                                                                                                    • Opcode ID: 85202b4c21a075ef1682cdbe473ab28419643ab51a154afdaabb2131e07faf82
                                                                                                                                                                                                                                                                                                    • Instruction ID: e3e4aea805ed1f80ecfaee44236fd7096d4dec87f9a66aa73732cb2baf61b832
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 85202b4c21a075ef1682cdbe473ab28419643ab51a154afdaabb2131e07faf82
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7071E6B1B10208EBDB099BB4CC54B6EB6E7BFC8310F158129D506DB3A0DF389C529B41
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000003.2121547330.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_3_7130000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (wq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1062398946
                                                                                                                                                                                                                                                                                                    • Opcode ID: 6cc5016cfaf123bb8d22b96cdcd2179c1aa3cb126be93b6393287a1549b55acc
                                                                                                                                                                                                                                                                                                    • Instruction ID: c0962c3d0e4bfad08db23faf6c240932bff6ec453a626fcb7be7439e61a7d31c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6cc5016cfaf123bb8d22b96cdcd2179c1aa3cb126be93b6393287a1549b55acc
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 04113AB17442556BD719367858A173E1B8B9BC5610F194569EA06DF7C0CE288C0B43E5
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000003.2121547330.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_3_7130000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (wq
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1062398946
                                                                                                                                                                                                                                                                                                    • Opcode ID: aab670c2e314649afcc23a872145c27aaf5e321afb5cf041df352210f9443da7
                                                                                                                                                                                                                                                                                                    • Instruction ID: 53b90c90357d9b8b52e3e3f850e130178d235349e1048f7088d6e14c6cdf451f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aab670c2e314649afcc23a872145c27aaf5e321afb5cf041df352210f9443da7
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2311B2B1B18559ABD7096B7C84643AE7FF79B8A300F1945AAC501E77C1CF350C0587A6
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000003.2121547330.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_3_7130000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 3b7729f1f60d1ea70b38e2c096feca5c032331cd4abb78051ddf3b0cdd7a4aa0
                                                                                                                                                                                                                                                                                                    • Instruction ID: 665dee1f4410a2344f79614f6cdac10b7b0bd7fa84c0c0b6a2dbb66719e6a6c3
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3b7729f1f60d1ea70b38e2c096feca5c032331cd4abb78051ddf3b0cdd7a4aa0
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BBB17FB0E1024ACFDB10CFB8C9857DDBBF6AF48B14F148129E819E7294EB749855CB91
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000003.2121547330.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_3_7130000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 563739cc80d6c46a69e34997df7261e869cc2a9e1e2509668384d3b180f91220
                                                                                                                                                                                                                                                                                                    • Instruction ID: 71969706496d6cd6ea01451151673c70ae63a9557755786a96f849ee338ad6b7
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 563739cc80d6c46a69e34997df7261e869cc2a9e1e2509668384d3b180f91220
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 73410579B102189FCB54DFA8D88599EBBB6FF8D710B10816AE905EB360DB31DD41CB90
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000003.2121547330.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_3_7130000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 121af15df87c9ab7059740afedb3711091b0996cbc1c6444d7ed9a214e0e9d83
                                                                                                                                                                                                                                                                                                    • Instruction ID: 6f848f0c6e0cb05c2efc93f1adfd31e0e4f324d0c82f562ee30ed15fd1d6e40e
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 121af15df87c9ab7059740afedb3711091b0996cbc1c6444d7ed9a214e0e9d83
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F021AAB1B00109ABDB08E6A5D8647AEBBA69FC8711F14802DD506E73C0CF359D05D7D1
Memory Dump Source
• Source File: 00000006.00000003.2121547330.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_3_7130000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2122349809.0000000004B6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B6D000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_4b6d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 8eca587772ea3f99783fc37c2dbfcb88341c575466d9a50ec704387342c904cf
                                                                                                                                                                                                                                                                                                    • Instruction ID: cd33b3af8c4b35ea73b416a6ad19bc453b91fc691ebc346af54f7cbd6251394c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8eca587772ea3f99783fc37c2dbfcb88341c575466d9a50ec704387342c904cf
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 47019EB150D3C05FE7124B259D94B52BFA8DF53224F1980DBE9898F1A3C26C6C49C772
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2122349809.0000000004B6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B6D000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_4b6d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: bff560a5890dbb63a88d49b066bc33850fb1da23722597352ad44303508e6ff5
                                                                                                                                                                                                                                                                                                    • Instruction ID: 96179ae1b89a820710eb9398a81b8a274b082a7717a08720c245175934323dd1
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bff560a5890dbb63a88d49b066bc33850fb1da23722597352ad44303508e6ff5
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D5012BB17083409AE7208E39EDC0B67BF9CDF41324F18C4AAED4A4B142C77CA845D6B1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000003.2121547330.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_3_7130000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 7d67df255b7a18333480dd4a0be76c00dd45184ea8b868d3278417d543a4172c
                                                                                                                                                                                                                                                                                                    • Instruction ID: da77f5223b8b12329060fe9fe3a58ace96d193fe5ac5637aedcd4f168b7b5fdb
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7d67df255b7a18333480dd4a0be76c00dd45184ea8b868d3278417d543a4172c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2401AC747497C86FDB1A137008A13B53FF39F8B320F08949BE4828A5C3DE2888098392
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000003.2121547330.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_3_7130000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: cd8323ea3a5ef5bf670624eee2521156f492035e48684712f9dc17568f4cfb7c
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0d88348978d1c773e839f2a0f32fdf8baed24673d50761af6b7561ad9cadac8e
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cd8323ea3a5ef5bf670624eee2521156f492035e48684712f9dc17568f4cfb7c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4D0178B03013415FC70AAB70E84578A3F71EF42210708C5EAE5468FE82DF35E88A97C0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000003.2121547330.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_3_7130000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 2a36ac02af2bca3acf9f7ab82a452e3e07d30c99839bf5a3ceca1675fb1e3be4
                                                                                                                                                                                                                                                                                                    • Instruction ID: e8adfdaa6255d26e151eb3d0575d70a40aac5c8ddba021f7b7d7d3135fec77f0
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a36ac02af2bca3acf9f7ab82a452e3e07d30c99839bf5a3ceca1675fb1e3be4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ACF0AFB1B1051DA7EB18AA6C85557AF7AFB9BCC700F154169D101B73C0CF714D0197E6
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000003.2121547330.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_3_7130000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 890dda396bd4ff26756725b3bd799d7c5ea1a443a6dd70b8574e2f5eb5efb64f
                                                                                                                                                                                                                                                                                                    • Instruction ID: f21753490642c889ac12588e949da632c86bdefbaf3d631bd113cb485858dc03
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 890dda396bd4ff26756725b3bd799d7c5ea1a443a6dd70b8574e2f5eb5efb64f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 87013C79B10215DFCB08EFB8D809AAE7BF5FB89615B11006AE509DB350EB319D42CBC1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000003.2121547330.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_3_7130000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 54816af0f71f67bdb39401d1f39d1585b1e26f1789f125af4d44c120f3e76f29
                                                                                                                                                                                                                                                                                                    • Instruction ID: 5051b26d649d82493b0a4ce184196b29881324fef66a429cff8d28dd7babc817
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 54816af0f71f67bdb39401d1f39d1585b1e26f1789f125af4d44c120f3e76f29
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 59F0B4F0301201ABC709ABB4D94575A3BA6FF81610704D579F5068BE80DF75E84897D0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000003.2121547330.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_3_7130000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000003.2121547330.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_3_7130000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 00cd77d6a7b6dc60bad18c446856d5c0c7ee78f5399cfadb3dfe860034ed5d7e
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8742df7cbdf9d9dce07fd48ff4faf0c90be379c7d85a6413d592147e341c00ae
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 00cd77d6a7b6dc60bad18c446856d5c0c7ee78f5399cfadb3dfe860034ed5d7e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CCE0926130E7E68FC71B263478150BA3FA42D8392031B41ABE09AC6582DB1D89428391
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000003.2121547330.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_3_7130000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 67041eff76e94bb35ee84d6f9c67e067952779af1d82380971d8d4b1853385a0
                                                                                                                                                                                                                                                                                                    • Instruction ID: beb5b3da93767f0a1dd43c3251223fad2d2273a72db6cbc9477071bc401fee00
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 67041eff76e94bb35ee84d6f9c67e067952779af1d82380971d8d4b1853385a0
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BFD02BB0309129CBDA19253678052BE35CC6B43E61B038135F42EC2BC0DF1CC9414394
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000003.2121547330.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_3_7130000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 1536f8642f286ec98ae91f58c24e8e1db3f6d28488ec597fe43eb55d5c91d8f0
                                                                                                                                                                                                                                                                                                    • Instruction ID: 432391e04dd3eb936927c4385ecbc60f645dfb68fb36747233541f653e57896f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1536f8642f286ec98ae91f58c24e8e1db3f6d28488ec597fe43eb55d5c91d8f0
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 29E0DF7190E3869FCB02CFB4A8546A8BFF8EF0720033445EEE480D7122EA300E01C780
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000003.2121547330.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_3_7130000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 9639a025bac7ee273b2ae360fb111bf05274b93f4cf98656e8cea645c58a1520
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0c1af1d5b59b86a0cacf9395e9d9b5e2748cd6b83fcb0233488b122316b6ef24
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9639a025bac7ee273b2ae360fb111bf05274b93f4cf98656e8cea645c58a1520
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 88D023713101205FC604576CE45496D379DDF4E720F00056AF60AD7770CD51EC0003C8
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000003.2121547330.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_3_7130000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: f88fcfdc7eb6dbbe559346e859f59ecad68330ee877d9828b5c9cbbfa1a396aa
                                                                                                                                                                                                                                                                                                    • Instruction ID: 3dda49be1ab88ddc566b71c243712300ce0e21af0019a056833a1f3fc9c24b44
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f88fcfdc7eb6dbbe559346e859f59ecad68330ee877d9828b5c9cbbfa1a396aa
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 98D0A7B222401C7B82086A58D88697A7BE9EB893607104823F90583650CE615C5193DE
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000003.2121547330.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_3_7130000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: bb6aa7037f45ee7f59ed95d769a2b60e857c4718ba96162dd2ba96b617d69756
                                                                                                                                                                                                                                                                                                    • Instruction ID: 585bc1a45f0f2f21bb38a62be99bbb83a078d0974d93c52ea30d748da129d300
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bb6aa7037f45ee7f59ed95d769a2b60e857c4718ba96162dd2ba96b617d69756
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 93C012353105245FC604966CF415999379D9B4D724B1000A6F60ACB771CD92AC4047D5
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000003.2121547330.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_3_7130000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 1e3a0752eb2070eca47b3e281e5fcbe3864478c9e1304c66654da4ea63fbbbff
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9a4bfae7af98ec4e30a31a07ed04c49779b128ffdc83747a49a6f9a37b84d258
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1e3a0752eb2070eca47b3e281e5fcbe3864478c9e1304c66654da4ea63fbbbff
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C9D05E7191620AEFCF00DFB4E945A5DFBFDEB45200B2086A5A404E3215EE305E009BC0
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 00000006.00000003.2121547330.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_3_7130000_rundll32.jbxd
Memory Dump Source
• Source File: 0000000D.00000002.2196163706.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ff848aa0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 0320364505eabba1c2237a6197ca847b1567714a114f873fbd1166f3573d99c7
                                                                                                                                                                                                                                                                                                    • Instruction ID: ff97af82404c8cc0a834a1c7ea5f3e6c535761025d429bd9ad04900146cd9e55
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0320364505eabba1c2237a6197ca847b1567714a114f873fbd1166f3573d99c7
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D511570D096298FDBA4EF28D8857E9B3B1EB19380F1041F9D00DE3691DB75AA81CF55
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2196163706.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ff848aa0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: ^
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1590793086
                                                                                                                                                                                                                                                                                                    • Opcode ID: 5aeb85268c4608833f8ae7550bd581f6f8cca313c7d22b39e1123b6739f47367
                                                                                                                                                                                                                                                                                                    • Instruction ID: 169e48fa056e2e23f7379d3c523b9e051a778f5844c9c1085c4b30237822fd91
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5aeb85268c4608833f8ae7550bd581f6f8cca313c7d22b39e1123b6739f47367
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 79F1D270909A1D8FDB98EB28C899BE8B7F1FF19341F1040AAD00DE76A1DB759981DF01
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2196163706.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ff848aa0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: K_^
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3865075263
                                                                                                                                                                                                                                                                                                    • Opcode ID: 47cb1697dcf3fc25f89faba8aa506412a56852d4d0220e2df2eacd812dd8a3b4
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7b3a799bfef98ad69c3629f06c1388e68cab2a54393196e0dcfbebd287a31fce
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 47cb1697dcf3fc25f89faba8aa506412a56852d4d0220e2df2eacd812dd8a3b4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CAC13736A0EB464FE314FBB8A8461E877E0FF513A5F04027BC04DCB593EA68554587AA
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2198447378.00007FF848B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848B90000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ff848b90000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 811b196f7321dab19b951c7228cbf243e1c270135c87da72367b93bc989ff2c2
                                                                                                                                                                                                                                                                                                    • Instruction ID: 366a7c653fc69750f3afbf292dbfb5a7219475a97b9e64adae010385ae817907
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 811b196f7321dab19b951c7228cbf243e1c270135c87da72367b93bc989ff2c2
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A5E10530B0CE494FD798EB2C98556757BE1EF5A714F0402BED08EC76A3CE25AC428785
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2196163706.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ff848aa0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 2b1215030079a622fc8fb4906e495b2c58014b2480622c8bf2f855cd32725db2
                                                                                                                                                                                                                                                                                                    • Instruction ID: 77b0039e4032c4ad1b53633542bf24d7ecae008236216f43eed433cc48868806
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2b1215030079a622fc8fb4906e495b2c58014b2480622c8bf2f855cd32725db2
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FC725870909A199FDB99EF18C8997A8B7B1FF58344F5040F9C00EE7691CB35AA81CF24
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2196163706.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ff848aa0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: e0f5da8d46e092ac3496bede04d0971bd7b7c2fd02c84c22094cc01895fe4dff
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2e0d9a435ba07ec30ea11903e298b4f89802caaaa94e6dbe4cb4f3da8d491fba
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e0f5da8d46e092ac3496bede04d0971bd7b7c2fd02c84c22094cc01895fe4dff
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A6D1A13090DB898FEB68EF28C8567E977E1FF59340F04426EE84DC3691DB7499458B82
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2196163706.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ff848aa0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: ee65d36d27fbd6e8e78e367bbdc500c2d919ab160b04e7be5a168b358d21da60
                                                                                                                                                                                                                                                                                                    • Instruction ID: 713bb080c3a5dec8527d307651eec1b35ff39c4a960e2c9324472f75e1b46e3a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ee65d36d27fbd6e8e78e367bbdc500c2d919ab160b04e7be5a168b358d21da60
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9CD12971D0EB8A8FE795EF2888466A57BE0FF153C0F0C01B9D049C7593EB68D8458B96
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 41310961B0DE858FE785A77D48966747BE1EFAA354B0900BBD049C36A3DE18AC47C381
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2196163706.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ff848aa0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 3905c214f758138e326084b39d39731dec7d35ac5a993c4c66e5a2d32fa49bd7
                                                                                                                                                                                                                                                                                                    • Instruction ID: 79b5fe2104a470bce73014876a1e3be2402eb4a1eb7e34b28d592ca986f78116
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3905c214f758138e326084b39d39731dec7d35ac5a993c4c66e5a2d32fa49bd7
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7041F530D0961D8FDF88EF98D891ABEB7B1FF59340F100469E00AE7691CB75A850CB65
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2196163706.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ff848aa0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 4e22fd899655c9ef9e47ba2a820a20067be984ec32c0d0f575d0d8570c9bb804
                                                                                                                                                                                                                                                                                                    • Instruction ID: de9e319382b94c2b71cdc23d5ad0067f403e4fc2f05494520f08587e076bb0aa
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4e22fd899655c9ef9e47ba2a820a20067be984ec32c0d0f575d0d8570c9bb804
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EC312275A0DB8A4FDB85FF28C8516E97BA0FF96394F000276E019C3192CB74E802C795
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2196163706.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ff848aa0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 11a0b55c1ba4ae50dca203e8d96544b83bed3908219ababe96dd251d4fdd03e9
                                                                                                                                                                                                                                                                                                    • Instruction ID: be3dbe8f71e364cf6fd816038cd52711076c81b2a802d17bed123838fbefeb92
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 11a0b55c1ba4ae50dca203e8d96544b83bed3908219ababe96dd251d4fdd03e9
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D6418D70E19A4D8FDB84EF68D8556EDBBF1FF59341F04006AE009E36A1CBB5A841CB61
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2196163706.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ff848aa0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 271b3f69ce8e6c521ae67cbb935b3d6da1292ce0ec30695c78c6b7bc19af9757
                                                                                                                                                                                                                                                                                                    • Instruction ID: 68d1d4058001b38d2bd195e3b114d683829ee2d9086b5dea97d2ffa20b5de683
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 271b3f69ce8e6c521ae67cbb935b3d6da1292ce0ec30695c78c6b7bc19af9757
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CC417970D09B499FDB44EF68D8416EEBBF1FB59341F00407AE009E7691CB799881CB61
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2196163706.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ff848aa0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: ab8a83f6e371c6848c20e0afc36a56dfae5ded97cd8e02bacb8e18c335e883a4
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8b186e852f3e8679f4c90614e602e1d9a18aed462abc51c2fecd1467295964bf
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ab8a83f6e371c6848c20e0afc36a56dfae5ded97cd8e02bacb8e18c335e883a4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F331D361C0F6C69FE301FB3868562F97BA0FF12684F1400B6E0588B893DA689945C396
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2196163706.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ff848aa0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: f1e9b53dbe57fb47af0feaf83437992c812e346e93f41977026c0c8f0311682f
                                                                                                                                                                                                                                                                                                    • Instruction ID: 3e803d4253e0ed0134a47bb098d6a939eb4a34e4e6d9093557c61dd56a46a722
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f1e9b53dbe57fb47af0feaf83437992c812e346e93f41977026c0c8f0311682f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A5319F71E09B08DFDB40EF68D8416EEBBF1FB59740F00816AE008D7691DB759540CB90
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2196163706.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ff848aa0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 17b030fabeaa9b5ee2d086d67f1dc963c3119bbd02793c4cadb034389a9f2142
                                                                                                                                                                                                                                                                                                    • Instruction ID: 75a8db9fb48509bd7132f78c093bcee7965b18580d8155826b39fccb321eacb9
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 17b030fabeaa9b5ee2d086d67f1dc963c3119bbd02793c4cadb034389a9f2142
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D931FA34A0A6499FDB84EF28D441BE9B3A2FF4A345F918578E00CC7656CF76A842CB00
Memory Dump Source
• Source File: 0000000D.00000002.2196163706.00007FF848AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848AA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ff848aa0000_AteraAgent.jbxd
Memory Dump Source
• Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
Memory Dump Source
• Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2634098513
                                                                                                                                                                                                                                                                                                    • Opcode ID: 279501db93975daaf9078ec53ac2bc21440b23817facbe95b8ae8f3fb5d09bb7
                                                                                                                                                                                                                                                                                                    • Instruction ID: 334c95e11d29bdecaad85278c28d25740c7e9d76e93388d0013ef406e09560db
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 279501db93975daaf9078ec53ac2bc21440b23817facbe95b8ae8f3fb5d09bb7
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 65E1527090994D8FEB85EF2CD8656A97BB1EF5A341F2141FAC44CCB2A2CE316D45CB21
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: [b$([b$0[b$8[b$@[b$H[b$P[b$X[b$`7b$h7b$h[b$p7b$p[b$x6b$x7b$x[b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-4001924723
                                                                                                                                                                                                                                                                                                    • Opcode ID: 82d009796e6f33fe6d2d60580f85e005148aaa8b1d42f01bd345cbb61b49da12
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9cdde14085279eecb5765fdb3bf3d9db48496689c075f301255a69ab035bea72
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 82d009796e6f33fe6d2d60580f85e005148aaa8b1d42f01bd345cbb61b49da12
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 81D15E7090995D8FEB89EF2CD8656A8BBB1EF4A341F1141FAC44CCB2A2CE316D45CB11
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: 0:b$8:b$@:b$H:b$P:b$X:b$`:b$`:b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3506000544
                                                                                                                                                                                                                                                                                                    • Opcode ID: e7c42ab02f7ec22502f82468fefb485cb2871074d1d3b5eba0216da72d89b7e4
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4e22bd03022bfb8573eb26859a4d4aa2024a0bcf6f2d05ea065c35483dbec11d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e7c42ab02f7ec22502f82468fefb485cb2871074d1d3b5eba0216da72d89b7e4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AB22F230A1DB468FD758EA1C848663977E1FF89744F24897ED08AC3292DF74F8828756
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: (8b$08b$88b$@8b$H8b$x6b$x6b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3248390049
                                                                                                                                                                                                                                                                                                    • Opcode ID: d8052b598d7ef17a79e9fa143df5d9b5c887e6846b60fc8d56af24f4e936208f
                                                                                                                                                                                                                                                                                                    • Instruction ID: 776e3b0f4dccefc6ebc4995ba717790193dd1e530ec87c3a918baa99ed85eb0a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d8052b598d7ef17a79e9fa143df5d9b5c887e6846b60fc8d56af24f4e936208f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F4C1BD70D0DA5D8FEB99EB28D4597A8BBB1EF19340F1444BAC00DD7282CB746885CB21
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: Hb$Hb$Hb$`b$hb$pb
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2658967139
                                                                                                                                                                                                                                                                                                    • Opcode ID: 7dbbf658cbb75171cd4612c7b5349c425aabfeb7c78a8c95cb29a026b4430300
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4bd8525d3900a34dd769cfe3394504e1b34674a091197d09fe397cbc536e8700
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7dbbf658cbb75171cd4612c7b5349c425aabfeb7c78a8c95cb29a026b4430300
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 27D17B21F0EE8A4FE795EA3C68562747BD1EF996D0F1901FAD00CC71A7DE589C068352
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: 8b$x6b$x6b$x6b$x6b$6b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1123928529
                                                                                                                                                                                                                                                                                                    • Opcode ID: 4c56f6dae4ce3b7893199d3a84b7763271777a75fda1e24f69297d557e2f54ed
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7281038a3acd357a2bd13291fe28851b189a36da872729fecd1d9e73f79a0c4a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4c56f6dae4ce3b7893199d3a84b7763271777a75fda1e24f69297d557e2f54ed
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5F91A070D09A0D8FDB45EF68D485AA8BBF1FF59341F1041BAD449DB292CF34A886CB61
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: [b$[b$[b$[b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2870568920
                                                                                                                                                                                                                                                                                                    • Opcode ID: 3185cff64390984b42a0ced216f5c412f7feec81c1e318829d45752e8d2c6bbf
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8fe8472cb8481fc954e04c191d20c73a1beb5d1b82e592534af9cc5c33dd6d95
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3185cff64390984b42a0ced216f5c412f7feec81c1e318829d45752e8d2c6bbf
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BAC14870D09A1D8FDB98EF68D495BADBBB1FF59340F1040A9C00DE7291CB74A985CB25
Strings
Memory Dump Source
• Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: x6b$x6b$x6b$x6b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2990268060
                                                                                                                                                                                                                                                                                                    • Opcode ID: 062f3f7120ec22ba04c9611168145e24acf7fd11b1884bf808882c186d4007f4
                                                                                                                                                                                                                                                                                                    • Instruction ID: 1a2f33bde79d112b56a960f9229d5d333a47e7727d2e39267070bdf37aca84ca
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 062f3f7120ec22ba04c9611168145e24acf7fd11b1884bf808882c186d4007f4
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD515F3010AA4ACFDB58EF29C4A1A6573A1FF55345B6148BDD04ACB5D2CB75F842CB41
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: Hb$`b$xb
                                                                                                                                                                                                                                                                                                    • API String ID: 0-538049373
                                                                                                                                                                                                                                                                                                    • Opcode ID: 40c689b956d07696229f8046382020a4145d0fd281e3afcd7ce5b0ead95a8035
                                                                                                                                                                                                                                                                                                    • Instruction ID: 1432790e08869d6fec3bb3d7efe85e0f11695a02fe87a993ad32fa4e7406f1b3
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 40c689b956d07696229f8046382020a4145d0fd281e3afcd7ce5b0ead95a8035
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B291FB31E0DA8E8FDB89EF6CD8556A97BE1FF58344F0405BAD808C7296CF74A8068751
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: Hb$Pb$`_k
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1496584150
                                                                                                                                                                                                                                                                                                    • Opcode ID: 3f45732e84f599938ff89e922335037c9adb037762bff7105f550452791e3bf2
                                                                                                                                                                                                                                                                                                    • Instruction ID: 5b0783b1c56339dda355c6b5816470668fa5593450d087957ca0075013790b99
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f45732e84f599938ff89e922335037c9adb037762bff7105f550452791e3bf2
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E9811C61E0DE8A4FE785EB2CD8566B93BD1EF9A3C0F0500BAD449C7297DE649C06C351
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: ([b$8b$8b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-844721210
                                                                                                                                                                                                                                                                                                    • Opcode ID: 01efe57308f9e436a3666f4f41e02490c4ba77e5149f0be1e5c5bb02fe4df2aa
                                                                                                                                                                                                                                                                                                    • Instruction ID: 44ce5230cf3a3b739ab0418ea5a09c806332542a40ddfea464a8324ecf2fedbd
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 01efe57308f9e436a3666f4f41e02490c4ba77e5149f0be1e5c5bb02fe4df2aa
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9771CD3090DA4D8FDB85EB68D855AE9BBF1FF5A340F1001BAD04DD7292CB795841CB62
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: x6b$x6b$6b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1946033371
                                                                                                                                                                                                                                                                                                    • Opcode ID: bbf73ef0ae6eb7f3be0715badfa8c251b77a9ab7fe4582f37068bcfd4a2681ff
                                                                                                                                                                                                                                                                                                    • Instruction ID: 1c5141e3359794c979e4e2b9400290c81cadfd8f1638670abafde0ee79009d4b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bbf73ef0ae6eb7f3be0715badfa8c251b77a9ab7fe4582f37068bcfd4a2681ff
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C161037080E6898FD786DB68C855BD87FF1EF4A340F1541EAC048DB2A2CB395D86CB61
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: X9b$L_^${q
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1433175650
                                                                                                                                                                                                                                                                                                    • Opcode ID: 3f8edb11c3093c090c20e6d8fddd642c662b153f322c434418b958de0946a4bc
                                                                                                                                                                                                                                                                                                    • Instruction ID: 24009339e41f7734ebf625815777301d297d7d596a18a4126fe7010291040b5a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f8edb11c3093c090c20e6d8fddd642c662b153f322c434418b958de0946a4bc
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE41C952A0E6D51FE712FB7C78970F93FA0DF432A9B0800F7D488CA153ED095546829A
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: 89b$@9b$H9b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-4053056370
                                                                                                                                                                                                                                                                                                    • Opcode ID: e66665a5d1357e132b74f99300008ba9b102783b76bb1e312b7c7ceb65c0c8c3
                                                                                                                                                                                                                                                                                                    • Instruction ID: 244328f82d753bfd6aa4cb5099f56d9804d6ae2dcd07bb67f3fa599ece03d657
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e66665a5d1357e132b74f99300008ba9b102783b76bb1e312b7c7ceb65c0c8c3
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E41E871E0DA8E9FE745EB7894266E8BBA0FF49340F1401FAC008CB193DE256905C765
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: H$d
                                                                                                                                                                                                                                                                                                    • API String ID: 0-989806989
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: b$(b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-974630817
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: $b$pb
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1927741596
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: Hb$Xb
                                                                                                                                                                                                                                                                                                    • API String ID: 0-62006945
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: b$@b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-957945007
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: b$0b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2504623423
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: vM_^$x6b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3141021144
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: `[b$`[b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1656205770
Memory Dump Source
• Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: b$(b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-974630817
                                                                                                                                                                                                                                                                                                    • Opcode ID: 0754f3d8812e6e72239ef2216a5d7fefca0ab0816eb2bab08e4f1a712b898fba
                                                                                                                                                                                                                                                                                                    • Instruction ID: e29c2e1f4a3c60a4ca80066fef48f4fb8da31b2b3bb22ed86a43c29f677accb0
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0754f3d8812e6e72239ef2216a5d7fefca0ab0816eb2bab08e4f1a712b898fba
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6121E411A0EACA4FE756EB3C88555603FB1EF57294B1E44FBC044CF1A7DA19AC09C362
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: `\b$7b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-46239808
                                                                                                                                                                                                                                                                                                    • Opcode ID: a35b518848eaf1751f69a9f7752d02693ee120154e4ec3073ff065150e6fb076
                                                                                                                                                                                                                                                                                                    • Instruction ID: 90dd25076e407be5d18326cd5767b81daa8b838655371e96ae7123d23aa098ff
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a35b518848eaf1751f69a9f7752d02693ee120154e4ec3073ff065150e6fb076
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C7216830D09A5D8FDB84EF68D8556EDBBB0FF59300F0400AAE408E7291DB35A840CB91
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: `\b$7b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-46239808
                                                                                                                                                                                                                                                                                                    • Opcode ID: 3f7f8cd91d047a30e89b2e69b455bf6dfeecc62326229293c290d5e0323da197
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4cfa8ea11cca03e5edb6b399684b7fd92b33f137ae862d5457446d4f17606775
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f7f8cd91d047a30e89b2e69b455bf6dfeecc62326229293c290d5e0323da197
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 09213430D09A1D9FDB84EF68D8556EDBBF0FF5A340F14006AE409E3291CB71A840CB91
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: P9b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2746501985
                                                                                                                                                                                                                                                                                                    • Opcode ID: 1a27c4687620e5fb1ae2369d1b653e61f4c7b3760b80e83523b08d8d92835701
                                                                                                                                                                                                                                                                                                    • Instruction ID: 091b440dc6b04de9e4fef4cfd598347284522ec6e57f3204c08c0b743533fd68
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1a27c4687620e5fb1ae2369d1b653e61f4c7b3760b80e83523b08d8d92835701
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7CF14830A1DA898FE749EB3CA4565787BE1EF99740F0405BED04AC7297DE28EC428752
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: d
                                                                                                                                                                                                                                                                                                    • API String ID: 0-2564639436
                                                                                                                                                                                                                                                                                                    • Opcode ID: ef2d9d81da0528adccf4688dca114e2f9e8fbc029dc51e8bae9b5c5882a1ec61
                                                                                                                                                                                                                                                                                                    • Instruction ID: b472e3cb0cfda8bd143f5d1502a206c322c8e18a55785e1aa822279c51bb93da
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ef2d9d81da0528adccf4688dca114e2f9e8fbc029dc51e8bae9b5c5882a1ec61
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 30E12230A0EB894FD768EB188445675B7E1FF99384F1449BED08EC7296CE74EC428792
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: HR_L
                                                                                                                                                                                                                                                                                                    • API String ID: 0-1385503024
                                                                                                                                                                                                                                                                                                    • Opcode ID: 582a39cd00c7ca8b3949d9eb57929110f6dfa9978576d2b411624955b40d933c
                                                                                                                                                                                                                                                                                                    • Instruction ID: 71942dcd205dc7a8ef06a72ba217b6a81774d5639af57859b76d001f46b83d20
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 582a39cd00c7ca8b3949d9eb57929110f6dfa9978576d2b411624955b40d933c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A9C1F730A0DB498FDB54FF2898565B97BE1FF9A380F0401BEE409C7292DE64EC458796
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
Memory Dump Source
• Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3148312969
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: /X_H
                                                                                                                                                                                                                                                                                                    • API String ID: 0-4271806277
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: x6b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3390790635
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: x6b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3390790635
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: x6b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3390790635
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: x6b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3390790635
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: x6b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3390790635
Strings
Memory Dump Source
• Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: x6b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3390790635
                                                                                                                                                                                                                                                                                                    • Opcode ID: bfc0274ee1c2227589ca24e2f502464c859dd0a9570e82997f9e8b2c8335db87
                                                                                                                                                                                                                                                                                                    • Instruction ID: 69297b72e86d8a511c33fee148b4634b6c666217ac8dca6fd6d64cf49b2314e6
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bfc0274ee1c2227589ca24e2f502464c859dd0a9570e82997f9e8b2c8335db87
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8241F936B1DD2A8FE758FA1CB4061EC77D1FF993A1B0401BBD149C7182CF65AC0A86A5
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: h b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-644692818
                                                                                                                                                                                                                                                                                                    • Opcode ID: 4be73e43769f2743038fea19136a3dac8292a8905c271f75927233f0f2c9ccbd
                                                                                                                                                                                                                                                                                                    • Instruction ID: be7681a534a21d7279bba2a76a4a308569a8bc9969878044bc9588bb4ece4210
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4be73e43769f2743038fea19136a3dac8292a8905c271f75927233f0f2c9ccbd
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FF41EB3071D8094FE6A8FA1C945677933D2EF49351F1011BAE48EC31D2DE54EC528B97
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: x6b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3390790635
                                                                                                                                                                                                                                                                                                    • Opcode ID: a74b9a731d930a9735bb35c501c18c0cc5ac0a5b66c85d90e1561cb9a6343831
                                                                                                                                                                                                                                                                                                    • Instruction ID: 09a89638edcdea0323816cc49eccf0aea1bff30b727677f5d64d877344acaea7
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a74b9a731d930a9735bb35c501c18c0cc5ac0a5b66c85d90e1561cb9a6343831
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4341BB70E09A5D8FEB48EF68E4466ECBBB1FF49340F10017AD009E7292CB786845CB61
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: x6b
                                                                                                                                                                                                                                                                                                    • API String ID: 0-3390790635
                                                                                                                                                                                                                                                                                                    • Opcode ID: e440eb803f6d191a85aa98abdab341ea1ae4b9bdde8fbeecc80edb5a1dcacbce
                                                                                                                                                                                                                                                                                                    • Instruction ID: f50d023c0ddbc7c6aea01467cde2848509d7362b3c216416f61eaebb8de9b8f4
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e440eb803f6d191a85aa98abdab341ea1ae4b9bdde8fbeecc80edb5a1dcacbce
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7419D70D09A0D8FEB49EB68D4566ECBBB1FF59380F50017AC009D7292CF346845CB62
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: tM_^
                                                                                                                                                                                                                                                                                                    • API String ID: 0-212585260
                                                                                                                                                                                                                                                                                                    • Opcode ID: 3dd1f722b19b9c99ec5af0b8ddc19be114ab846139edcdd963e46f19d4f34899
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0dcbf44f7b7e8ca2f4628ae07b309b88155b080950529992b4e33419bdefe090
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3dd1f722b19b9c99ec5af0b8ddc19be114ab846139edcdd963e46f19d4f34899
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E310863D0E1555FD711FB7CB8961F93BA0DF42364F080277D448CB163EF18654A82A5
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: GR_H
                                                                                                                                                                                                                                                                                                    • API String ID: 0-228314495
                                                                                                                                                                                                                                                                                                    • Opcode ID: e67d2f03acd890662994bb09938f1f2366f6a5d799b7905f7b5bc883f9ef3833
                                                                                                                                                                                                                                                                                                    • Instruction ID: f4fc00d5ccee168958fb21589e84ed46ed3a6538477949de510e788e3e8a48fd
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e67d2f03acd890662994bb09938f1f2366f6a5d799b7905f7b5bc883f9ef3833
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9B31E42090EB894FD756EB78486A5757BE1EF56280F0940FBC049CB1D3DE586C06C36A
                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID: GR_H
                                                                                                                                                                                                                                                                                                    • API String ID: 0-228314495
                                                                                                                                                                                                                                                                                                    • Opcode ID: 61601b587a2beed018bf72745ad92c595e220e4f03b121c0a3e9a6aafc3d1a85
                                                                                                                                                                                                                                                                                                    • Instruction ID: f831848d1764f53954c43c958632d44ac48862886a72d1e8622f1869637fc2c7
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 61601b587a2beed018bf72745ad92c595e220e4f03b121c0a3e9a6aafc3d1a85
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9731885790D6D129D302FB7CB4861FC6760DF423B9F185677D58C490A3EE2CA28992C6
                                                                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
Similarity
• API ID:
• String ID: 8\b
• API String ID: 0-381763179
Strings
Memory Dump Source
• Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
Similarity
• API ID:
• String ID: hb
• API String ID: 0-583460702
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 241bbd6d999a91468c03e3af5253d8250a610fddd2ebc041b900addbfbc20462
                                                                                                                                                                                                                                                                                                    • Instruction ID: 8d4a6d208b842fdbdb639f6de48d07184c24f4c5ddb2d08cd76c8350ced10c48
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 241bbd6d999a91468c03e3af5253d8250a610fddd2ebc041b900addbfbc20462
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EB022221E0DE8A4FEB94FB2C84566B537D0EF55344F0840BAC40DCB297DEA8AC45C3A2
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 7793e3395a774e9abbbd47824c9ef7ed71c7153ede6489e2f811a23c23337546
                                                                                                                                                                                                                                                                                                    • Instruction ID: aa35b5fb3042bd640ab7d46af2d1923ec17ea1ea75ac95fcd5109304f84f0d71
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7793e3395a774e9abbbd47824c9ef7ed71c7153ede6489e2f811a23c23337546
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DBF11630A0DA498FDB59EB28C4556B97BE1FF99304F04466ED48EC7292CF34E842C792
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 87a43f78ed1109ac4909057d6c2b2b0c1bd6c018cb91df5f2e17a9307ab3f069
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9e63001809d502090eaf58c90b45088c709d3cb61242cd7932b6bda4a65151a6
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 87a43f78ed1109ac4909057d6c2b2b0c1bd6c018cb91df5f2e17a9307ab3f069
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74E13830A1DA495FEB88FB2CA84A67837D1EF55780F0400BED44EC7597DE68EC428396
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: eeb890f54712bbca2d1dfa75041fc69aa2ee2b85771d4a8c726b735c31b9efbc
                                                                                                                                                                                                                                                                                                    • Instruction ID: 78f33ad847c6fa2ef377ba830a806208227066629759fa240b5882376982dc34
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eeb890f54712bbca2d1dfa75041fc69aa2ee2b85771d4a8c726b735c31b9efbc
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 77E1F521B0E98A4FEBA4EA2CA8556797BF1FF59354F0815FBC008C72A7CE68DC058355
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: a828e9e5caaf8df918d31b8d9affd9669242d5515a60fc4817b7dc8e59996526
                                                                                                                                                                                                                                                                                                    • Instruction ID: 612d76e70ca35db81cb09904562c1fdf3606970cc7bad7eda28747bbaf04edf2
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a828e9e5caaf8df918d31b8d9affd9669242d5515a60fc4817b7dc8e59996526
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6CE1D47091DB898FE798EF28845666AB7E2FF98340F10457DD44DC7292DF34A8418B53
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 87bf8e7decbc724aeb576ad5ce95464e26390cba7ee32ad25bf56726a3baebd8
                                                                                                                                                                                                                                                                                                    • Instruction ID: 98bae83b7e4d0f9f7d9a05ed854d0d51043394572cbd5fcfa5ee91388d8b7da0
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 87bf8e7decbc724aeb576ad5ce95464e26390cba7ee32ad25bf56726a3baebd8
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 60C1C662E0F9D65EE212BA7878121FCBB60DF526A1B0803B7D488860D7DD58654A8277
Memory Dump Source
• Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: b6240c89679faa9c7ebabf5d40480da94a4860efd6304be2e453ad6f075a1ab9
                                                                                                                                                                                                                                                                                                    • Instruction ID: 727da8b67f4f65506129138c2d8fc532709ac07a5e956c239c47b0e8e360820d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b6240c89679faa9c7ebabf5d40480da94a4860efd6304be2e453ad6f075a1ab9
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C5914B30E1DA894FE748EB2CA8565743BE0EF99740F0405BEE08EC7297DE64EC428756
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 4950c484479481ce3380b01563408740fc001f0d8f197c0f2db7ecc9f9760af7
                                                                                                                                                                                                                                                                                                    • Instruction ID: 532db1c3a5e3d7bb303391be1409e18397ca56a62a97bb05a124c05fe43286e2
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4950c484479481ce3380b01563408740fc001f0d8f197c0f2db7ecc9f9760af7
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D1816C31B1DC190FEA95FB2CA45A7B933D1EF983A4F0405BAD40DC7292DE589C838392
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 02c9a2d9cfd1b75d9ecd5c9179b4d46a329f767b7263ba92bff72b00fb9bffa2
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9dc23321ce872bf5de709092e32f5e920581f1b5350f1189498404e295ac142f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 02c9a2d9cfd1b75d9ecd5c9179b4d46a329f767b7263ba92bff72b00fb9bffa2
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EEA1DF71D0E64D8FDB44EB68D8556FDBBB0EF5A340F0401BAD048DB292DA78A845CBA1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: a087646bee97dd398d7e2e6af938475fe8743d841506e2b48d519251553d2655
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2bd422d4ddccf849000850fde84dae1754546656361087e5c28d3aa80319a919
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a087646bee97dd398d7e2e6af938475fe8743d841506e2b48d519251553d2655
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D491653061EB894FE358EB2884865B577E0EF55358F140A7ED48AC3292DF74F842C756
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 84b6b3b354e38c455bc32b35f389e2e66f2894f652e7a0034ece7bd758435d79
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7ace2fcc2509ab105804c33439682c8c1ebb8e61ec48d77e3f3da0500b4e0755
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 84b6b3b354e38c455bc32b35f389e2e66f2894f652e7a0034ece7bd758435d79
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B815430A0DA098FDB58EB18D846AB977E1FFA9320F04027DD14EC7292DB65F8428795
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 070d4dade6e85cff2833e272113c77f7f912cad423837467c595efbfdeece793
                                                                                                                                                                                                                                                                                                    • Instruction ID: bf2026a9bb497c19b52f8f018e6a5b42a5516805e790c3bfb45be342a0710c81
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 070d4dade6e85cff2833e272113c77f7f912cad423837467c595efbfdeece793
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E191AF71D1E98E8FE798EE68E8466BDB7A1FF54780F000679D009D7182DFB4AC058761
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: a3331de88968e50ee917fc2c5b995ffd9e7ecb8e600517acee751abf86d88210
                                                                                                                                                                                                                                                                                                    • Instruction ID: c8e0d1c8de62686ee742891418e4e166328872b1cc34cdc416f669a3c9e7f2c9
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a3331de88968e50ee917fc2c5b995ffd9e7ecb8e600517acee751abf86d88210
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 72917F70909A8E8FEB84EF68C845BEA77F1FF59300F144279D419D7296DB34A846CB50
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2F412822F1DD5A4FE798EA2CA8552B973D1FF94290F04457AD04DC7286EE58EC428363
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 272895c1a325fa240c341560638c2a74deaa32d586b708124557dca67125e73c
                                                                                                                                                                                                                                                                                                    • Instruction ID: 88bc445f2d1b6183c712056e4281b972f073f28e214ca74b73b8091f70f2b226
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 272895c1a325fa240c341560638c2a74deaa32d586b708124557dca67125e73c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BE516271D1995E8FE7A9EB28D8597A8B3B1FF58740F0001F6D40CD3192DE745E818B11
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 143be37a6bbeb34414b117ac7ff02321f09e5eef726b18a784b8b8d1fa736814
                                                                                                                                                                                                                                                                                                    • Instruction ID: 77590349ce82e289bc1a04a970713988647c82df1b06fc5ae9b1aee1cde2e5f7
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 143be37a6bbeb34414b117ac7ff02321f09e5eef726b18a784b8b8d1fa736814
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1C513370D0A61D8FDB98EFA8C4957ECBBB1FF19304F10046AD009E7292DB79A985CB15
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: fd90008eefce6b7fe1ffa0ebda1ebd7f112c901f17eeebee23bf78ca2290616a
                                                                                                                                                                                                                                                                                                    • Instruction ID: a3d4df46f0b5981349b31db78cea0cbe7e1107329e4cef5d890ef22f05c60158
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fd90008eefce6b7fe1ffa0ebda1ebd7f112c901f17eeebee23bf78ca2290616a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4F410A21E1ED4A4FE6A9F72C945677977D1EF98384F0844BAD04EC32D6CF58AC028396
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 1aedc63e7ed0e452c745cd4811e8eab2cdf585aa42fccac24fd7bf4e703293e3
                                                                                                                                                                                                                                                                                                    • Instruction ID: a9dd324b971dc864a7c6aacb04523140cbd8de9067e9244909ffef637bd16204
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1aedc63e7ed0e452c745cd4811e8eab2cdf585aa42fccac24fd7bf4e703293e3
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A2511830919A4D9FDF94EF18C845BEA77E2FBA8354F154275A40DD3285CB74E8818B81
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: fcb6e0a9c8ba09b1c7154a7219e7a9e5d135a452796cf10fe0594e3d7d4cd272
                                                                                                                                                                                                                                                                                                    • Instruction ID: c44e9f714bd0b6295e35a648f08e36b21457a90c81958f5e2eac222569dbf2d0
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fcb6e0a9c8ba09b1c7154a7219e7a9e5d135a452796cf10fe0594e3d7d4cd272
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 19517E70D1D9199FEBA8EB68D8553AC7BB1FF98344F5001BAD00DD3292DF3859828B25
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 3ef3e4e7b33573626b460e45e4f24b9eac42d99c362f63ddcff77af244a3bd46
                                                                                                                                                                                                                                                                                                    • Instruction ID: 829c5bac9367fae39545f6140ae79f3be8cdfd9607c2ebb52a5f8598020c8496
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3ef3e4e7b33573626b460e45e4f24b9eac42d99c362f63ddcff77af244a3bd46
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8441E13061DE898FDBA9EB2CC052E6177E1EF59344F1449B9D08ECB2A2CE64F845C761
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: f3bc1f7b5c8e52a71e8f9fe01e291e22a3befc8c2b4b08483d973c579bf65e62
                                                                                                                                                                                                                                                                                                    • Instruction ID: 596e1ecd4ec916534c56175b58e09b942b6734fc37fea8ff718160e0bc224ae7
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f3bc1f7b5c8e52a71e8f9fe01e291e22a3befc8c2b4b08483d973c579bf65e62
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4F418030A0CA4E4FDB98EF1894566BA37E1FFA8358F10053AD41ED3295CF74A8428796
Memory Dump Source
• Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 4517cdf3bd6b8087e429a86515ab6b97a6a8e7bc217f1edf08d660a65220a10d
                                                                                                                                                                                                                                                                                                    • Instruction ID: 5e0aa0074f35aa648dbc8ebf25d015fe92a7b67a33b959d8bdc7c60d823316a5
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4517cdf3bd6b8087e429a86515ab6b97a6a8e7bc217f1edf08d660a65220a10d
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7218A3060DA084FD798E60DA845A7533D0EF96360F05017BE08EC71A1DE60FC438356
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 907ce33cff4731e81f3ddc27578bd02fc484cb15669e86d0743f00490f009c69
                                                                                                                                                                                                                                                                                                    • Instruction ID: 48986377543773ec549fcbfdeaf70bb5c3f2720898dcc012a234ff4d2f8bb1b7
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 907ce33cff4731e81f3ddc27578bd02fc484cb15669e86d0743f00490f009c69
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BB31F720B1DA984FDB95FA2CA04627D37D1EF98780F10017AF48AC3297CE6CAC458797
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: e4eb11e0d82347d8ce990a57e5031245f551ad02bc188f21b8557423389ce6fe
                                                                                                                                                                                                                                                                                                    • Instruction ID: 22b33a6f77db287ccf3859dc276b7cd4be3fb3b7b05adf8436e15bd43fae02d9
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e4eb11e0d82347d8ce990a57e5031245f551ad02bc188f21b8557423389ce6fe
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A231E63180CBC64FD744EB38885A665BBE0EFA5354F0846BAD08AC7192DF68E9458753
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: afd8ed0bdb175a7d1e73319a55ff934b410769bb83299420a946d70724c4b6ef
                                                                                                                                                                                                                                                                                                    • Instruction ID: e515d38f0c72c3a7c0117a7d1d8f234d2dfb1d0eb6ee9f81611535d710183f48
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: afd8ed0bdb175a7d1e73319a55ff934b410769bb83299420a946d70724c4b6ef
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5C312330A1EF064FE759E638D485AB177D1EF54380F04457CD48EC3A95EB68B8828396
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: b49898f19c9f0de2ab1c5d30fe295d1c42eb9cd8d50ca67d354024c2a6b4e99e
                                                                                                                                                                                                                                                                                                    • Instruction ID: c3155de8efaaac7fcd6159b92089624e1fa581740d3203d603be69a39e1849f1
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b49898f19c9f0de2ab1c5d30fe295d1c42eb9cd8d50ca67d354024c2a6b4e99e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F7216D32F0E9864EE7ACA52C78571B467C1DF85264B0801BBE00CC72D6DF5A588287E5
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 59a7ed5ac33a52b84e93dfd72d22e95677d03fab1cd742131ca7794efc30bfa7
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4ffc4725730276f0d765b70defc1aeab4d158ea0d88404c53a9dab7f0afd2b84
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 59a7ed5ac33a52b84e93dfd72d22e95677d03fab1cd742131ca7794efc30bfa7
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2F315630D0A65D8FDB48EF68D8916FDBBB1EF59341F14503AE409B3280CB74A940CBA5
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: d851f6c0759f325acf85eb37d54eec741d499f58e9887d02dbbb4d83b26e14c0
                                                                                                                                                                                                                                                                                                    • Instruction ID: 49c3507b9c86703372cc441a4895021f0268b34937e55019cd43575df8040780
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d851f6c0759f325acf85eb37d54eec741d499f58e9887d02dbbb4d83b26e14c0
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8D210822E0EECA0FE795FA6864852F477E1FF99650F0402B7C40DC7193DEA8584B43A1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: f77dc1f805b78a78f045bdf044094b2b584a1d32dfea37632af6703318671ca6
                                                                                                                                                                                                                                                                                                    • Instruction ID: 289b0be0f6622b28c59886b11542a0f9ea3c2926f70521f4dec665ee14fc6c3b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f77dc1f805b78a78f045bdf044094b2b584a1d32dfea37632af6703318671ca6
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AF11E731B1DE180FE668AA5CF80A17577C1EB9C7A5F1406BFE80DC3296DD555C4242C6
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: e63d19061768b932abfcacb9501ae1e8094734b948623df437485d6ecfcc017c
                                                                                                                                                                                                                                                                                                    • Instruction ID: cd9d1bd01dddb01d28253e3f6bf499f72566017fdbdfaed83b05374bde97c0ca
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e63d19061768b932abfcacb9501ae1e8094734b948623df437485d6ecfcc017c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8431BFB1909A4D8FDB42EF68D415AE9BBF1FF5A341F5400BAD008DB292CB35A844CB61
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 930e7027387002eb3848525933c24144136ab81772a17dafc569b156fbcf0add
                                                                                                                                                                                                                                                                                                    • Instruction ID: 491c6e2bd376f2b3bb74f0e3d84469e4f6f0d123961024405aaca8ba1564ce67
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 930e7027387002eb3848525933c24144136ab81772a17dafc569b156fbcf0add
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DC31BF70909A4DCFDB81EF68D4156E97BB1FF5A340F1041BAD008DB292CB35A944C761
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 77e1b44899d61c69e1c64a34b752bbac787fb7b2fc37cc78b5c9ebf64b155909
                                                                                                                                                                                                                                                                                                    • Instruction ID: e954e26a103660fe3b273feb5d3013a73b1015b884cd2b4333843763886e5b21
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 77e1b44899d61c69e1c64a34b752bbac787fb7b2fc37cc78b5c9ebf64b155909
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B9210B61A0ED854FF395EA2C586E376FBD0EF5A658F1804B6C40CCB193DF4528029316
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: c7f9a45394d7f18882ae118c394745049bac3ae27dd2087c8af03399c9fd1145
                                                                                                                                                                                                                                                                                                    • Instruction ID: 9f003ea7f01767e1dd0ec4473f7d39765581d4dbe3e7bd117ec4b9791c5c9bda
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c7f9a45394d7f18882ae118c394745049bac3ae27dd2087c8af03399c9fd1145
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A117A32B1ED490FEBC6E12CA0572B92BD1DBC92A971501BBD44DC3286DE19CC434346
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 0d107651ad967e4cc11b5b940402e03cefd073b62ac44f04d947d20b7d300b3b
                                                                                                                                                                                                                                                                                                    • Instruction ID: 87b19c4be07a0e145bf85382daba769e04aa5211b840f910d265f3b67f1e75d5
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0d107651ad967e4cc11b5b940402e03cefd073b62ac44f04d947d20b7d300b3b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2B21E23080DA0E8FEB64EA24A4016E8FBB0EF46394F1502B9D44CDB2D1DF75A985C776
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 6c94132932467e12e389f3d98577fbda3ef41bcf0bbe471d25e5f8d3dd98cac7
                                                                                                                                                                                                                                                                                                    • Instruction ID: fcb8cd92ab9ae08ba33c0e8052c18183e006298df1c92d91fc34df207a98fe2b
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6c94132932467e12e389f3d98577fbda3ef41bcf0bbe471d25e5f8d3dd98cac7
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 33219A3188F3C54FD312AB6068125E5BF789F032A1F0A01E7D088DB4A3D66D5A9AC376
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 1dce45db3255d754b60810c9a9bb413b9cf19f6236bc20ab01f2206a8a1bdb07
                                                                                                                                                                                                                                                                                                    • Instruction ID: 908ecba6d4b5cd4c7dfe5ea765df8c75f2c381b6534bfa9ccad02dfb888e22be
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1dce45db3255d754b60810c9a9bb413b9cf19f6236bc20ab01f2206a8a1bdb07
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CE21E531D1EA8D8FEB94FF28A8452B97FE0FF25344F0401BAD80CC7196EB6498458766
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    • Instruction ID: 4f14b487794d1ac54bce7f7581d995c5a027e7c5275a8096aceb444255a9a0a9
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d1243532998e799b62150182c3b97c29e40bea643cf898be06f50b5e4b1acc6f
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2301B561E0FA8B4FE657F72C28661791E80EF56690B0C01FAC049CB192EE8958154376
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: a6af5e3302b6e1c283b751c23de0f4b03cfbd6cc307f3faa1a6948d3809c1497
                                                                                                                                                                                                                                                                                                    • Instruction ID: eafc0629b2a0094aeb7c78800e73791d3278f7e87aef34295dffc13669872966
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a6af5e3302b6e1c283b751c23de0f4b03cfbd6cc307f3faa1a6948d3809c1497
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9A01D631A1DD480FE7C4E62C949A3B5B7D1EF98355F5800FAD408CB2E2DF555C418316
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 75574d93f032e4d7617bec45740da086b3e858ca90171abaa6800c86fcbf5bda
                                                                                                                                                                                                                                                                                                    • Instruction ID: eeabcca5bc55a267ce2c5c11c58eb3e3df994ad40432c99d9560f59ec38d21f5
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 75574d93f032e4d7617bec45740da086b3e858ca90171abaa6800c86fcbf5bda
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 93F0B42270D9880FE794E92CAC5E9723FD4DB6A17671502FFE848C7163EA429C028365
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: afb72a3a0bfdd804f7a60386854e06ba73688375968ace489384ec6b9dcb2cce
                                                                                                                                                                                                                                                                                                    • Instruction ID: a8c09343dd98c16e4599cfc2565b76b32addd5c67ffd1a7b5aa46469ddc317ab
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: afb72a3a0bfdd804f7a60386854e06ba73688375968ace489384ec6b9dcb2cce
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4601DE3050DF088FD794EB289019A7A7BE1EFD8348F04097EE88DC72A0CB74A845C742
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 2cb5ba3a5ea95b3b713356d09d978bd261c11b296e87ecb0cfef2e9867b59831
                                                                                                                                                                                                                                                                                                    • Instruction ID: a76534f574a75251f69322f23f9544070d0bd28407b2ba04452ce7f44f06f512
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2cb5ba3a5ea95b3b713356d09d978bd261c11b296e87ecb0cfef2e9867b59831
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C301D630A29E8B4FDA98FB2C908157A73D1FF98340B44497AD40DC3189EE68F8818392
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: e2a3c1b1f826956e8624659c05e443750916339ce842c8ad8d4f3ac354056d60
                                                                                                                                                                                                                                                                                                    • Instruction ID: 0e1f9a29e958b2b0b7d83309ca12ca897ca8442382b13bda6cfca7710bce9a30
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e2a3c1b1f826956e8624659c05e443750916339ce842c8ad8d4f3ac354056d60
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1AF0CD35D4E50C8FEB20EE94B4013F8FBB4EB82394F00203AC00CA3140E7BA9995CB69
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 71d0b61c1f93d364e7948bf4680fa8b6d0b720ff51c6e9733205524c6a474156
                                                                                                                                                                                                                                                                                                    • Instruction ID: cd9f48a5502ab4b3bf3701280d57821991cc3ea8c9e548c1f0dd35cddd8cadd0
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 71d0b61c1f93d364e7948bf4680fa8b6d0b720ff51c6e9733205524c6a474156
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 12F0CD35D4D60E8BD720EE54F4002F9F7B8EB82390F00203AC40CA3180DBBA9995CB6A
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: ed9e67fdd23b0d2d4bd14fc827dab23ac4cbedb14aa21acf1d9755256820b3fd
                                                                                                                                                                                                                                                                                                    • Instruction ID: 36d19aa148910bb593c7cf5bb13b7d35bc06c443a2126242ce7bb5a1a9e3b1aa
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed9e67fdd23b0d2d4bd14fc827dab23ac4cbedb14aa21acf1d9755256820b3fd
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D0F02831C0D5CD5FD706EB3888191F97FB0EF4A244F0941FAC848CB162DFA519598752
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 661f24c058f185d73fea9495a6e169eea8c2768fcd07b53de0910d5e08a823a9
                                                                                                                                                                                                                                                                                                    • Instruction ID: e4f52947aaecc9824dcd5958b005aaa1d261e6a287a4f2bc0b5b3e7ccea5119a
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 661f24c058f185d73fea9495a6e169eea8c2768fcd07b53de0910d5e08a823a9
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C01AD3080E68D8FDB84EF24D8562E97BA1FF55300F01047AE40C87292DBB9A860C7A1
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 35524582952d4b6d5bb1d6171b33651815525ff320c8714d840e39881e2075ac
                                                                                                                                                                                                                                                                                                    • Instruction ID: e24841d41ab8ab46fad35a5767e2fd87cd31b045e3e743157b4dc467ef731669
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 35524582952d4b6d5bb1d6171b33651815525ff320c8714d840e39881e2075ac
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C8F08530C0A60C8FD720AE69A0003F9F7B4EF4A349F40203AD00CA2180D3BA99A5CB29
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 7aa531a3b34fb644bc93b326b2d16c285181765205f8076257e33172e3c4512c
                                                                                                                                                                                                                                                                                                    • Instruction ID: 7280fe95dfdb29eeda65dfce25d47c28537e1dc468aa714b6c653ccc5804ea67
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7aa531a3b34fb644bc93b326b2d16c285181765205f8076257e33172e3c4512c
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3DF0593180EA8B4FD354E71C84451A077E0FF04340F4405F6D408CB292DF98EC808756
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 34951671e0dd713b7bfafcb877207e245762a143dc08ead8dc5c39ed4bbf4266
                                                                                                                                                                                                                                                                                                    • Instruction ID: efd4565c020f32093ed3a07cdf5954565ffd5a02feff7e6c71a3be643e609a08
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 34951671e0dd713b7bfafcb877207e245762a143dc08ead8dc5c39ed4bbf4266
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ABF0A030C4A60D8FCB54EF54A4003FCB2B4FB0A245F402239D00CB2180C7B9AA94CB3A
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: a26159aaf74294c7643fe9e4aa9c9948242d7505f1e30b4d7a3298cd685a66e5
                                                                                                                                                                                                                                                                                                    • Instruction ID: 34841c48b63b6bf5d915ca635c2ef2788a096c61a79a205615493bf20ec4bbf8
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a26159aaf74294c7643fe9e4aa9c9948242d7505f1e30b4d7a3298cd685a66e5
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8AF06531C4960D8FC714EE55E4413FDB6B4FF4A355F402539D01CA3181D7B99694CB69
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: a8b892e8d3249c9f03d84f6bc3156debe6f66b65dfe9e5e40c699db3d1a7be0a
                                                                                                                                                                                                                                                                                                    • Instruction ID: ef804b575b4d38762cf40f0e6c2e2c2a78e0fe2c8629e9dfe6b3e032d36de8c1
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a8b892e8d3249c9f03d84f6bc3156debe6f66b65dfe9e5e40c699db3d1a7be0a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B8F05C20E1ED591FD968F62C50416FB33D1FF94354F440839D40EC32A6DED86892C395
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 597e4d0649234d1d47fb912da0705795441a94f280d26a8719e672d9c3b0586b
                                                                                                                                                                                                                                                                                                    • Instruction ID: 970ca28d04df6bc7a88487ba1edaa3ea3014626b3d189c8977f3ff7785dceb84
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 597e4d0649234d1d47fb912da0705795441a94f280d26a8719e672d9c3b0586b
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2CF0F631C0E68C4FD351EF28841A1B8BBB0EF07304F5114EBD008CA0A2EB756858C356
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 635e5e13638dad0706bff9aeeda516f9763e92de3ea22f5f7248455652e8ac6a
                                                                                                                                                                                                                                                                                                    • Instruction ID: 31597bf1011353fb3829fee989dba955e2e783f80937c3323b5b393f38ca581f
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 635e5e13638dad0706bff9aeeda516f9763e92de3ea22f5f7248455652e8ac6a
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E6F08231B0EA498FD7A4DA4CE4C9B75B7E2FBA4351F4806A5C04CC7259C771EC458B86
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: 95560beb17076380e69d45bdccae06e3a9a9e393d7cdc19a61538cfd63a9d254
                                                                                                                                                                                                                                                                                                    • Instruction ID: e0534b6ad6175a292d707a16807ec863c065532cecaf79726c827eb6144b1179
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 95560beb17076380e69d45bdccae06e3a9a9e393d7cdc19a61538cfd63a9d254
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 63F0F4B4E19959AFE784FA9898959BC73B1FF9CB40F400074E148D3292DE6DA8428715
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: ecfc8a74304e23d4b73dfaa1d702b628a4aebdce6be3b3ab8715e2a5267e2332
                                                                                                                                                                                                                                                                                                    • Instruction ID: 83c2b44bd7f1d562bfc329be451bc32727c1782efa18d5e622dd789fb35edfbb
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ecfc8a74304e23d4b73dfaa1d702b628a4aebdce6be3b3ab8715e2a5267e2332
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F5F0D470E1992C8EDB94EB58A8457FCB3B1FB59341F5040AAD00DE2281CFB45840CB26
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: e715d9d76869a9bebc409557a6a2220844104ad9ddddc6efa3cc1e57091ff3a1
                                                                                                                                                                                                                                                                                                    • Instruction ID: f98b7a73bce7234068c0331b91e19433c559530fe2a2947c61801d24468ce11d
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e715d9d76869a9bebc409557a6a2220844104ad9ddddc6efa3cc1e57091ff3a1
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 62E0D852E0FA940FE266E77D38A31A47BD19B42500B0C44BEC40443287E9D93841866A
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: cb0c6ef8152dee9dc8b0203cffc068e8a1a465be75da9bcd991f036bd03ec370
                                                                                                                                                                                                                                                                                                    • Instruction ID: 2d6452cde34f5a9c735176f34b8e1684b07889c7c80e0dd30e5b5cc9c9603436
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cb0c6ef8152dee9dc8b0203cffc068e8a1a465be75da9bcd991f036bd03ec370
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 64D05E3010A2408FCB58AA28E080C80B790EF1220435509E8E0144B1E7D52ADC82CF01
                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.3310535674.00007FF848A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A80000, based on PE: false
                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff848a80000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                    • Opcode ID: d5c30001a690ae1e223e95397ca2b06bb8906f59fd0880af311c4380f6208d1e
                                                                                                                                                                                                                                                                                                    • Instruction ID: a62d37b13f51b9f06b3c7cf9733f87c8a946ef9f3222fd0ae488961198a01d6c
                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d5c30001a690ae1e223e95397ca2b06bb8906f59fd0880af311c4380f6208d1e
                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5AB09B61E49A49AF9594D51C100937557C6E7A4551B4401569049C2549DF6444430306