Source: AteraAgent.exe, 00000019.00000002.2726480877.00000241206BE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENT.PACKAGE.AVAILABILITY/0.19/AGENT.PACKAGE.AVAILABILITY.Z |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEAGENTINFORMATION/39.1/AGENTPACKAGEAGENTINFORMATI |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEMONITORING/38.1/AGENTPACKAGEMONITORING.ZIP |
Source: AteraAgent.exe, 00000019.00000002.2726480877.00000241206BE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEPROGRAMMANAGEMENT/26.9/AGENTPACKAGEPROGRAMMANAGE |
Source: AteraAgent.exe, 00000019.00000002.2726480877.00000241205AD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGERUNTIMEINSTALLER/1.6/AGENTPACKAGERUNTIMEINSTALLE |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGESTREMOTE/24.4/AGENTPACKAGESTREMOTE.ZIP |
Source: AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB7724000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://a6dc35606b2c6816e.awsglobalaccelerator.com |
Source: AteraAgent.exe, 0000000D.00000000.1502628326.0000027814962000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B30F1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.00000241204A1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://acontrol.atera.com/ |
Source: AgentPackageAgentInformation.exe, 0000002B.00000002.2379974858.0000024E00145000.00000004.00000800.00020000.00000000.sdmp, AgentPackageInternalPoller.exe, 00000031.00000002.2135024435.000002DE5BC90000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000037.00000002.2375521044.000002940D037000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000037.00000002.2375521044.000002940CF1A000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMarketplace.exe, 00000039.00000002.2292283172.000001AFC5A32000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMarketplace.exe, 00000039.00000002.2292283172.000001AFC5ACE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://agent-api.atera.com |
Source: rundll32.exe, 00000005.00000002.1473960620.0000000004915000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3517000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B347C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3378000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3752000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36BD000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1588990529.00000000049C5000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.1653378207.00000282E5C15000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1653665388.0000021213C45000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120FA8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120BA3000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1894903802.0000021E53FE9000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1894903802.0000021E53EDE000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1894903802.0000021E53F73000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.1778954341.00000194805A2000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000002B.00000002.2379974858.0000024E00145000.00000004.00000800.00020000.00000000.sdmp, AgentPackageInternalPoller.exe, 00000031.00000002.2135024435.000002DE5BC90000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000037.00000002.2375521044.000002940D037000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000037.00000002.2375521044.000002940CF1A000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMarketplace.exe, 00000039.00000002.2292283172.000001AFC5A32000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://atera-agent-api-eu.westeurope.cloudapp.azure.com |
Source: AgentPackageHeartbeat.exe, 00000035.00000002.2162325425.000001CA9F71D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://atera-agent-heartbeat-cus.servicebus.windows.net |
Source: AteraAgent.exe, 00000019.00000002.3048652033.00000241390B6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.dNcM |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, Nota-fiscal2.1.msi |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2024836617.000001F5CBE7B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2017961247.000001F5CB9A8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B37EC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3752000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33C5000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.000002413921E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.0000024139203000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139183000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139173000.00000004.00000020.00020000.00000000.sdmp, Nota-fiscal2.1.msi, SQLite.Interop.dll.14.dr, System.Memory.dll3.25.dr, Microsoft.ApplicationInsights.dll.14.dr, Microsoft.Extensions.Configuration.EnvironmentVariables.dll.25.dr, System.Runtime.CompilerServices.Unsafe.dll5.25.dr, Microsoft.Extensions.Hosting.dll.25.dr, Agent.Package.Availability.exe.25.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertCSRSA4096RootG5.crt0E |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, Nota-fiscal2.1.msi |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB77D3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4Cod |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3517000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B37EC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B347C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B378D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33FF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120E30000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120C5C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120C04000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.00000241212E6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120E9D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120DC5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024121162000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt |
Source: AteraAgent.exe, 0000000D.00000002.1537165343.00000278166C9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.1538019945.000002782EDD0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.1540158114.000002782F0A9000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2024453951.000001F5CBE25000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2024836617.000001F5CBE7B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2026890111.000001F5CC2EA000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2017961247.000001F5CB9A8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBD9F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B37EC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3752000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33C5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.000002413921E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139183000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139173000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3048652033.00000241390DB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.0000024139218000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3034482348.0000024138E49000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3048652033.000002413910B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3048652033.00000241390B6000.00000004.00000020.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB7742000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB77C2000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
Source: AteraAgent.exe, 0000000E.00000002.2017961247.000001F5CB9A8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crty |
Source: AteraAgent.exe, 00000019.00000002.3064408544.000002413923F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA2 |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.1538019945.000002782EDD0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1977772959.000001F5B2A57000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2024836617.000001F5CBE7B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B37EC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3752000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33C5000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.000002413921E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139183000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139173000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3048652033.000002413910B000.00000004.00000020.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB7742000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB77C2000.00000004.00000800.00020000.00000000.sdmp, Nota-fiscal2.1.msi, SQLite.Interop.dll.14.dr, System.Memory.dll3.25.dr, Microsoft.ApplicationInsights.dll.14.dr, Microsoft.Extensions.Configuration.EnvironmentVariables.dll.25.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2017961247.000001F5CB982000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2024836617.000001F5CBE7B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2026890111.000001F5CC2EA000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBD9F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B37EC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3752000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33C5000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.1657300940.00000282FE33B000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.1657300940.00000282FE305000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1657823398.000002122C252000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1657823398.000002122C2C6000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.000002413921E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.0000024139203000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139183000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.000002413923F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3034482348.0000024138E10000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139173000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, Nota-fiscal2.1.msi |
String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0 |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA2.crt0 |
Source: AteraAgent.exe, 00000019.00000002.3048652033.00000241390B6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicz |
Source: AgentPackageMonitoring.exe, 00000022.00000002.1802723699.00000194F2CF8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.microsoft.M%~ |
Source: stvideo.dll.2.dr, hidkmdf.sys.2.dr |
String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: AteraAgent.exe, 0000000D.00000002.1538019945.000002782EEBC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/ |
Source: AteraAgent.exe, 00000019.00000002.3064408544.000002413923F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/Dig |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2024836617.000001F5CBE7B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2017961247.000001F5CB9A8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B37EC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3752000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33C5000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.000002413921E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.0000024139203000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139183000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139173000.00000004.00000020.00020000.00000000.sdmp, Nota-fiscal2.1.msi, SQLite.Interop.dll.14.dr, System.Memory.dll3.25.dr, Microsoft.ApplicationInsights.dll.14.dr, Microsoft.Extensions.Configuration.EnvironmentVariables.dll.25.dr, System.Runtime.CompilerServices.Unsafe.dll5.25.dr, Microsoft.Extensions.Hosting.dll.25.dr, Agent.Package.Availability.exe.25.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, Nota-fiscal2.1.msi |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertCSRSA4096RootG5.crl0 |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, Nota-fiscal2.1.msi |
String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0= |
Source: AteraAgent.exe, 0000000D.00000002.1538019945.000002782EDD0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.1538019945.000002782EE53000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.1538019945.000002782EEAB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBD9F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl |
Source: AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBD9F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl( |
Source: AteraAgent.exe, 0000000D.00000002.1537165343.00000278166C9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.1538019945.000002782EDD0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.1540158114.000002782F0A9000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3517000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2024453951.000001F5CBE25000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2024836617.000001F5CBE7B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2026890111.000001F5CC2EA000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2017961247.000001F5CB9A8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBD9F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B37EC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B347C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3752000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B378D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33C5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33FF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.000002413921E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.0000024139203000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120E30000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120C5C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120C04000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
Source: AteraAgent.exe, 0000000E.00000002.2017961247.000001F5CB9A8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlhttp://crl4.digicert.co |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.1538019945.000002782EDD0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1977772959.000001F5B2A57000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2024836617.000001F5CBE7B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBD9F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B37EC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3752000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33C5000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.000002413921E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139183000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139173000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3048652033.000002413910B000.00000004.00000020.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB7742000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB77C2000.00000004.00000800.00020000.00000000.sdmp, Nota-fiscal2.1.msi, SQLite.Interop.dll.14.dr, System.Memory.dll3.25.dr, Microsoft.ApplicationInsights.dll.14.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: AteraAgent.exe, 0000000D.00000002.1538019945.000002782EEBC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl |
Source: AteraAgent.exe, 0000000D.00000002.1538019945.000002782EEAB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl) |
Source: Newtonsoft.Json.dll6.25.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: AteraAgent.exe, 0000000D.00000002.1538019945.000002782EDD0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crlL |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, Nota-fiscal2.1.msi |
String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0F |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, Nota-fiscal2.1.msi |
String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: AteraAgent.exe, 0000000D.00000002.1540158114.000002782F09A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com:80/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlx |
Source: AteraAgent.exe, 0000000D.00000002.1538019945.000002782EEAB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com:80/DigiCertTrustedRootG4.crllorer |
Source: AteraAgent.exe, 0000000D.00000002.1538019945.000002782EEBC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/ |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, Nota-fiscal2.1.msi |
String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: AteraAgent.exe, 0000000D.00000002.1538019945.000002782EDD0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.1538019945.000002782EEAB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3517000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBD9F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B37EC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B347C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B378D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33FF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120E30000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120C5C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120C04000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.00000241212E6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120E9D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120DC5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024121162000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl |
Source: AteraAgent.exe, 0000000D.00000002.1537165343.00000278166C9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.1538019945.000002782EDD0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.1540158114.000002782F0A9000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2024453951.000001F5CBE25000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2024836617.000001F5CBE7B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2026890111.000001F5CC2EA000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2017961247.000001F5CB9A8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBD9F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B37EC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3752000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33C5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.000002413921E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139183000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.000002413923F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139173000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.0000024139218000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3034482348.0000024138E49000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3048652033.000002413910B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3048652033.00000241390B6000.00000004.00000020.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB7742000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB77C2000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0 |
Source: AteraAgent.exe, 0000000D.00000002.1538019945.000002782EEAB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl3 |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl8 |
Source: AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBD9F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl: |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, Nota-fiscal2.1.msi |
String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0= |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, Nota-fiscal2.1.msi |
String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: AteraAgent.exe, 0000000D.00000002.1540158114.000002782F09A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com:80/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl |
Source: AteraAgent.exe, 00000019.00000002.3063401786.0000024139173000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.iCertTrustedG4Co842021CA1.cr |
Source: AteraAgent.exe, 00000019.00000002.3063401786.0000024139173000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crlertTrustedG4eStampingCA.crl0 |
Source: AteraAgent.exe, 00000019.00000002.2693235801.000002411FC2B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/ |
Source: AteraAgent.exe, 00000019.00000002.2693235801.000002411FC2B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/13 |
Source: AteraAgent.exe, 00000019.00000002.2693235801.000002411FC2B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/e |
Source: AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBD9F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabion |
Source: AteraAgent.exe, 00000019.00000002.3034482348.0000024138EEA000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3034482348.0000024138E10000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3048652033.00000241390B6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab |
Source: AteraAgent.exe, 00000019.00000002.3064408544.00000241391BD000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3034482348.0000024138E49000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?46214fc |
Source: AteraAgent.exe, 00000019.00000002.3048652033.000002413910B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4af06e5 |
Source: AteraAgent.exe, 00000019.00000002.3034482348.0000024138E49000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?84dee2f |
Source: AteraAgent.exe, 00000019.00000002.3048652033.0000024139050000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3048652033.000002413910B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?aa13a83 |
Source: AteraAgent.exe, 00000019.00000002.3048652033.000002413910B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?ee7937b |
Source: AteraAgent.exe, 00000019.00000002.3048652033.00000241390DB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.caba |
Source: AteraAgent.exe, 00000019.00000002.3064408544.00000241391C3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cabb |
Source: AteraAgent.exe, 00000019.00000002.3048652033.00000241390DB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cabj |
Source: AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBDF9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enb |
Source: AteraAgent.exe, 00000019.00000002.2693235801.000002411FC2B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com/p |
Source: AteraAgent.exe, 00000019.00000002.3048652033.000002413910B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3543 |
Source: AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB7766000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://d17kmd0va0f0mp.cloudfront.net |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://d25btwd9wax8gu.cloudfront.net |
Source: AgentPackageAgentInformation.exe, 00000013.00000000.1628585052.00000282E5052000.00000002.00000001.01000000.00000016.sdmp |
String found in binary or memory: http://dl.google.com/googletalk/googletalk-setup.exe |
Source: AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB7766000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://download.splashtop.com |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264801E1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://gig-ai-prod-weur-0-app-v4-tag.westeurope.cloudapp.azure.com |
Source: Newtonsoft.Json.dll6.25.dr |
String found in binary or memory: http://james.newtonking.com/projects/json |
Source: AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB7724000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://my.splashtop.com |
Source: AgentPackageMonitoring.exe, 00000022.00000002.1798493130.00000194F1E72000.00000002.00000001.01000000.00000023.sdmp |
String found in binary or memory: http://nlog-project.org/dummynamespace/ |
Source: AgentPackageMonitoring.exe, 00000022.00000002.1798493130.00000194F1E72000.00000002.00000001.01000000.00000023.sdmp |
String found in binary or memory: http://nlog-project.org/ws/ |
Source: AgentPackageMonitoring.exe, 00000022.00000002.1798493130.00000194F1E72000.00000002.00000001.01000000.00000023.sdmp |
String found in binary or memory: http://nlog-project.org/ws/3 |
Source: AgentPackageMonitoring.exe, 00000022.00000002.1798493130.00000194F1E72000.00000002.00000001.01000000.00000023.sdmp |
String found in binary or memory: http://nlog-project.org/ws/5 |
Source: AgentPackageMonitoring.exe, 00000022.00000002.1798493130.00000194F1E72000.00000002.00000001.01000000.00000023.sdmp |
String found in binary or memory: http://nlog-project.org/ws/ILogReceiverOneWayServer/ProcessLogMessages |
Source: AgentPackageMonitoring.exe, 00000022.00000002.1798493130.00000194F1E72000.00000002.00000001.01000000.00000023.sdmp |
String found in binary or memory: http://nlog-project.org/ws/ILogReceiverServer/ProcessLogMessagesResponsep |
Source: AgentPackageMonitoring.exe, 00000022.00000002.1798493130.00000194F1E72000.00000002.00000001.01000000.00000023.sdmp |
String found in binary or memory: http://nlog-project.org/ws/ILogReceiverServer/ProcessLogMessagesT |
Source: AgentPackageMonitoring.exe, 00000022.00000002.1798493130.00000194F1E72000.00000002.00000001.01000000.00000023.sdmp |
String found in binary or memory: http://nlog-project.org/ws/T |
Source: AgentPackageHeartbeat.exe, 00000035.00000002.2162325425.000001CA9F71D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ns-prod-dm2-az501.centralus.cloudapp.azure.com |
Source: AteraAgent.exe, 00000019.00000002.3048652033.00000241390B6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.c |
Source: AteraAgent.exe, 00000019.00000002.3048652033.00000241390B6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.cLcK |
Source: AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBDF9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com/ |
Source: AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBDF9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rh |
Source: AteraAgent.exe, 0000000D.00000002.1538019945.000002782EDD0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.1536126952.0000027814ABF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2017961247.000001F5CB9A8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxX |
Source: AteraAgent.exe, 0000000D.00000002.1537165343.00000278166C9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.1538019945.000002782EDD0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.1540158114.000002782F0A9000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3517000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2024453951.000001F5CBE25000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2024836617.000001F5CBE7B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2026890111.000001F5CC2EA000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2017961247.000001F5CB9A8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBD9F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B37EC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B347C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3752000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B378D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33C5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33FF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.000002413921E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120E30000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120C5C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120C04000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139183000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2017961247.000001F5CB982000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2024836617.000001F5CBE7B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2026890111.000001F5CC2EA000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBD9F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B37EC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3752000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33C5000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.1657300940.00000282FE33B000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.1657300940.00000282FE305000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1657823398.000002122C252000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1657823398.000002122C2C6000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.000002413921E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.0000024139203000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139183000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.000002413923F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3034482348.0000024138E10000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139173000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0A |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2024836617.000001F5CBE7B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2017961247.000001F5CB9A8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B37EC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3752000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33C5000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.000002413921E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.0000024139203000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139183000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139173000.00000004.00000020.00020000.00000000.sdmp, Nota-fiscal2.1.msi, SQLite.Interop.dll.14.dr, System.Memory.dll3.25.dr, Microsoft.ApplicationInsights.dll.14.dr, Microsoft.Extensions.Configuration.EnvironmentVariables.dll.25.dr, System.Runtime.CompilerServices.Unsafe.dll5.25.dr, Microsoft.Extensions.Hosting.dll.25.dr, Agent.Package.Availability.exe.25.dr |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, Nota-fiscal2.1.msi |
String found in binary or memory: http://ocsp.digicert.com0K |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, Nota-fiscal2.1.msi |
String found in binary or memory: http://ocsp.digicert.com0N |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, Nota-fiscal2.1.msi |
String found in binary or memory: http://ocsp.digicert.com0O |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.1538019945.000002782EDD0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1977772959.000001F5B2A57000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2024836617.000001F5CBE7B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B37EC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3752000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33C5000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.000002413921E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139183000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.000002413923F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139173000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3048652033.000002413910B000.00000004.00000020.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB7742000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB77C2000.00000004.00000800.00020000.00000000.sdmp, Nota-fiscal2.1.msi, SQLite.Interop.dll.14.dr, System.Memory.dll3.25.dr, Microsoft.ApplicationInsights.dll.14.dr |
String found in binary or memory: http://ocsp.digicert.com0X |
Source: AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBDF9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRS |
Source: AteraAgent.exe, 0000000D.00000002.1538019945.000002782EE53000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2017961247.000001F5CB9A8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com:80/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF |
Source: AteraAgent.exe, 0000000D.00000002.1538019945.000002782EDD0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertAssuredIDRootCA.crl |
Source: AteraAgent.exe, 0000000E.00000002.2017961247.000001F5CB9A8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBD80000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3048652033.0000024139050000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.cr |
Source: AteraAgent.exe, 0000000E.00000002.2024453951.000001F5CBE2B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3034482348.0000024138E49000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crl |
Source: stvideo.dll.2.dr, hidkmdf.sys.2.dr |
String found in binary or memory: http://ocsp.thawte.com0 |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ps.atera.com |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3517000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3378000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120C04000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F05000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120BA3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ps.pndsn.com |
Source: stvideo.dll.2.dr |
String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0 |
Source: stvideo.dll.2.dr |
String found in binary or memory: http://s2.symcb.com0 |
Source: AteraAgent.exe, 0000000D.00000002.1537165343.00000278166C9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.datacontract.org |
Source: AteraAgent.exe, 0000000D.00000002.1537165343.00000278166C9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.datacontract.org/2004/07/ |
Source: AteraAgent.exe, 0000000D.00000002.1537165343.00000278166C9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceProcess |
Source: AgentPackageMonitoring.exe, 00000022.00000002.1798493130.00000194F1E72000.00000002.00000001.01000000.00000023.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/ |
Source: rundll32.exe, 00000005.00000002.1473960620.00000000048F4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.1473960620.0000000004851000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B30F1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1588990529.0000000004901000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1588990529.00000000049A7000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.1653378207.00000282E5AF9000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1653665388.0000021213BDB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.00000241204A1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1894903802.0000021E53FA3000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1894903802.0000021E53D21000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.1727545424.0000029DE403A000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB7692000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.1778954341.00000194800EF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000002B.00000002.2379974858.0000024E00001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002D.00000002.2022321033.0000011032D2A000.00000004.00000800.00020000.00000000.sdmp, AgentPackageTicketing.exe, 0000002F.00000002.2680543231.0000022C80001000.00000004.00000800.00020000.00000000.sdmp, AgentPackageInternalPoller.exe, 00000031.00000002.2135024435.000002DE5BB90000.00000004.00000800.00020000.00000000.sdmp, AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264801B7000.00000004.00000800.00020000.00000000.sdmp, AgentPackageHeartbeat.exe, 00000035.00000002.2162325425.000001CA9F601000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000037.00000002.2375521044.000002940CDDF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMarketplace.exe, 00000039.00000002.2292283172.000001AFC59B9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: stvideo.dll.2.dr |
String found in binary or memory: http://sv.symcb.com/sv.crl0f |
Source: stvideo.dll.2.dr |
String found in binary or memory: http://sv.symcb.com/sv.crt0 |
Source: stvideo.dll.2.dr |
String found in binary or memory: http://sv.symcd.com0& |
Source: stvideo.dll.2.dr, hidkmdf.sys.2.dr |
String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: stvideo.dll.2.dr, hidkmdf.sys.2.dr |
String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: stvideo.dll.2.dr, hidkmdf.sys.2.dr |
String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264801E1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://westeurope-5.in.applicationinsights.azure.com |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, Nota-fiscal2.1.msi |
String found in binary or memory: http://wixtoolset.org |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E27000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.00000000046D5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000491D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047A3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E27000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.00000000046D5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000491D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047A3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://wixtoolset.org/news/ |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E27000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.00000000046D5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000491D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047A3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://wixtoolset.org/releases/ |
Source: AgentPackageMonitoring.exe, 00000022.00000002.1795199882.00000194F1BA2000.00000002.00000001.01000000.00000020.sdmp, AgentPackageMonitoring.exe, 00000037.00000002.2375521044.000002940CBEA000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000037.00000002.2375521044.000002940D0F7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.abit.com.tw/ |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3517000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B37EC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B347C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B378D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33FF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120E30000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120C5C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120C04000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.00000241212E6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120E9D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120DC5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024121143000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.digicert.com/CPS |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.1537165343.00000278166C9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.1538019945.000002782EDD0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.1540158114.000002782F0A9000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2024453951.000001F5CBE25000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2024836617.000001F5CBE7B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2026890111.000001F5CC2EA000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2017961247.000001F5CB9A8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBD9F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B37EC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3752000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33C5000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.000002413921E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.0000024139203000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139183000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139173000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3034482348.0000024138E49000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3048652033.000002413910B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: stvideo.dll.2.dr |
String found in binary or memory: http://www.symauth.com/cps0( |
Source: stvideo.dll.2.dr |
String found in binary or memory: http://www.symauth.com/rpa00 |
Source: AteraAgent.exe, 0000000D.00000002.1537165343.00000278166C9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.w3.o |
Source: AteraAgent.exe, 0000000D.00000002.1537165343.00000278166C9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.w3.oh |
Source: AgentPackageHeartbeat.exe, 00000035.00000000.2068699034.000001CA9ECB2000.00000002.00000001.01000000.0000002B.sdmp |
String found in binary or memory: https://1.servicebus.windows.net/ |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120FA8000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.P |
Source: AgentPackageAgentInformation.exe, 0000001C.00000002.1894903802.0000021E53FA3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.P2 |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120FA8000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.PR |
Source: rundll32.exe, 00000005.00000002.1473960620.00000000048F4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1588990529.00000000049A7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.aterD |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120FA8000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1894903802.0000021E53DBF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1894903802.0000021E53EDE000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1894903802.0000021E53FA3000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1894903802.0000021E53F73000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1894903802.0000021E53D21000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.1778954341.00000194800EF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000002B.00000002.2379974858.0000024E00001000.00000004.00000800.00020000.00000000.sdmp, AgentPackageTicketing.exe, 0000002F.00000002.2680543231.0000022C80001000.00000004.00000800.00020000.00000000.sdmp, AgentPackageInternalPoller.exe, 00000031.00000002.2135024435.000002DE5BB90000.00000004.00000800.00020000.00000000.sdmp, AgentPackageInternalPoller.exe, 00000031.00000002.2135024435.000002DE5BC8A000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000037.00000002.2375521044.000002940CDDF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000037.00000002.2375521044.000002940CF1A000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMarketplace.exe, 00000039.00000002.2292283172.000001AFC59B9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E27000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.00000000046D5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.1473960620.00000000048F4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.1473960620.0000000004851000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000491D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1588990529.0000000004901000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047A3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1588990529.00000000049A7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/ |
Source: AgentPackageAgentInformation.exe, 0000002B.00000002.2379974858.0000024E0024C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Prh |
Source: AgentPackageAgentInformation.exe, 00000013.00000002.1653378207.00000282E5AF9000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1653665388.0000021213BDB000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1894903802.0000021E53DBF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1894903802.0000021E53EDE000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1894903802.0000021E53F73000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E27000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.00000000046D5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.1473960620.00000000048F4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.1473960620.0000000004851000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000491D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3517000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3378000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36BD000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1588990529.0000000004901000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047A3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1588990529.00000000049A7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/Agent/ |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36BD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/Agent/AcknowledgeCommands |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120FA8000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/Agent/Age |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31A1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3378000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33C5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120FA8000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/Agent/AgentStarting |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33C5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/Agent/AgentStarting) |
Source: AgentPackageAgentInformation.exe, 00000013.00000002.1653378207.00000282E5AF9000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1653665388.0000021213BDB000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/Agent/CommandResult |
Source: AgentPackageTicketing.exe, 0000002F.00000002.2680543231.0000022C80001000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/Agent/CommandResultRecurring/AgentPackageTicketingInstallHelp |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120E9D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetComm |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3174000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.00000241207D6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.00000241205AD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.00000241206B8000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommands |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31A1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.00000241207D6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120500000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120E9D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommandsFallback |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B30F1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetEnvironmentStatus |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B30F1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurringPackages |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurringPackages.com/v2/subscribe/sub-c-a02ceca8-a9 |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120500000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/Agent/Trace |
Source: AgentPackageInternalPoller.exe, 00000031.00000002.2135024435.000002DE5BB90000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/Agent/agentMonitoredDevices/91d65b6a-c69b-4419-a93a-e6e1d23bb |
Source: AgentPackageAgentInformation.exe, 0000001C.00000002.1894903802.0000021E53FA3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/Agent/dynamic-fields/ |
Source: AgentPackageAgentInformation.exe, 0000001C.00000002.1894903802.0000021E53FA3000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1894903802.0000021E53D21000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/Agent/dynamic-fields/script-based |
Source: AgentPackageAgentInformation.exe, 0000001C.00000002.1894903802.0000021E53DBF000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/Agent/guiCommandResult |
Source: AgentPackageAgentInformation.exe, 0000002B.00000002.2379974858.0000024E0024C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/Agent/recurringCo |
Source: AgentPackageAgentInformation.exe, 0000001C.00000002.1894903802.0000021E53EDE000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1894903802.0000021E53F73000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000002B.00000002.2379974858.0000024E00001000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000002B.00000002.2379974858.0000024E0024C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/Agent/recurringCommandResult |
Source: AgentPackageMonitoring.exe, 00000022.00000002.1778954341.00000194800EF000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/Agent/thresholds/91d65b6a-c69b-4419-a93a-e6e1d23bb212 |
Source: rundll32.exe, 00000005.00000002.1473960620.00000000048F4000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.1473960620.0000000004851000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1588990529.0000000004901000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1588990529.00000000049A7000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/Agent/track-event |
Source: rundll32.exe, 00000005.00000002.1473960620.0000000004936000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1588990529.00000000049E6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/Agent/track-event; |
Source: AgentPackageMonitoring.exe, 00000037.00000002.2375521044.000002940CDDF000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/Alerts/AddAlertsFromAgent |
Source: AgentPackageMonitoring.exe, 00000037.00000002.2375521044.000002940CFB4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/monitoring/v1/MonitoringPackage/AddAgentMetrics |
Source: AgentPackageMonitoring.exe, 00000037.00000002.2375521044.000002940CFB4000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/monitoring/v1/MonitoringPackage/AddAgentMetrics0 |
Source: AgentPackageMarketplace.exe, 00000039.00000002.2292283172.000001AFC59B9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/v1/Provision/scripts?operatingSystem=Windows |
Source: AgentPackageMarketplace.exe, 00000039.00000002.2292283172.000001AFC5A61000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.atera.com/Production/v1/Provision/sync |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F05000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent-api.hhb |
Source: AgentPackageSystemTools.exe, 0000003A.00000002.2162545344.000001CCB34C2000.00000002.00000001.01000000.00000033.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB36AE000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB363C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent.azureserviceprofiler.net/ |
Source: AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB363C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent.azureserviceprofiler.net/X |
Source: AgentPackageSystemTools.exe, 0000003A.00000002.2162545344.000001CCB34C2000.00000002.00000001.01000000.00000033.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB36AE000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB363C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://agent.azureserviceprofiler.net/p |
Source: Agent.Package.Watchdog.exe, 00000042.00000000.2135326753.00007FF6906C7000.00000002.00000001.01000000.0000002F.sdmp, Agent.Package.Watchdog.exe, 00000042.00000002.2145854029.00007FF6906C7000.00000002.00000001.01000000.0000002F.sdmp, Agent.Package.Availability.exe.25.dr |
String found in binary or memory: https://aka.ms/dotnet-core-applaunch? |
Source: Agent.Package.Watchdog.exe, 00000042.00000000.2135326753.00007FF6906C7000.00000002.00000001.01000000.0000002F.sdmp, Agent.Package.Watchdog.exe, 00000042.00000002.2145854029.00007FF6906C7000.00000002.00000001.01000000.0000002F.sdmp, Agent.Package.Availability.exe.25.dr |
String found in binary or memory: https://aka.ms/dotnet-core-applaunch?Architecture: |
Source: Agent.Package.Watchdog.exe, 00000042.00000002.2143865050.00000235EBD1C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win-x64&os=win10&apphost_vers |
Source: AteraAgent.exe, 00000019.00000002.3064408544.000002413921E000.00000004.00000020.00020000.00000000.sdmp, Agent.Package.Watchdog.exe, 00000042.00000000.2135326753.00007FF6906C7000.00000002.00000001.01000000.0000002F.sdmp, Agent.Package.Watchdog.exe, 00000042.00000002.2145854029.00007FF6906C7000.00000002.00000001.01000000.0000002F.sdmp, Agent.Package.Watchdog.exe, 00000042.00000002.2143865050.00000235EBD1C000.00000004.00000020.00020000.00000000.sdmp, Agent.Package.Availability.exe.25.dr |
String found in binary or memory: https://aka.ms/dotnet/app-launch-failed |
Source: powershell.exe, 0000001E.00000002.1727545424.0000029DE3FEA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore6 |
Source: powershell.exe, 0000001E.00000002.1727545424.0000029DE400A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002D.00000002.2022321033.0000011032CFF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002D.00000002.2022321033.0000011032D2A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore68 |
Source: AgentPackageTicketing.exe, 0000002F.00000002.2680543231.0000022C8007F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.nuget.org |
Source: AgentPackageTicketing.exe, 0000002F.00000002.2680543231.0000022C8007F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://api.nuget.org/v3-flatcontainer/eo.webbrowser/24.1.46/eo.webbrowser.24.1.46.nupkg |
Source: AgentPackageHeartbeat.exe, 00000035.00000002.2162325425.000001CA9F70E000.00000004.00000800.00020000.00000000.sdmp, AgentPackageHeartbeat.exe, 00000035.00000002.2162325425.000001CA9F601000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://atera-agent-heartbeat-cus.servicebus.windows.net |
Source: AgentPackageHeartbeat.exe, 00000035.00000002.2162325425.000001CA9F601000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://atera-agent-heartbeat-cus.servicebus.windows.net/ |
Source: AgentPackageHeartbeat.exe, 00000035.00000002.2162325425.000001CA9F601000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://atera-agent-heartbeat-cus.servicebus.windows.net/agentheartbeat/messages |
Source: stvideo.dll.2.dr |
String found in binary or memory: https://d.symcb.com/cps0% |
Source: stvideo.dll.2.dr |
String found in binary or memory: https://d.symcb.com/rpa0 |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264802BA000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB36AA000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB363C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://dc.services.visualstudio.com |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264802BA000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB363C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://dc.services.visualstudio.com/ |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2405073679.00000264F6672000.00000002.00000001.01000000.0000004B.sdmp |
String found in binary or memory: https://dc.services.visualstudio.com/Jhttps://rt.services.visualstudio.com/Fhttps://profiler.monitor |
Source: AgentPackageSystemTools.exe, 0000003A.00000002.2162545344.000001CCB34C2000.00000002.00000001.01000000.00000033.sdmp |
String found in binary or memory: https://dc.services.visualstudio.com/Jhttps://rt.services.visualstudio.com/Nhttps://agent.azureservi |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.000002648026B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB363C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://dc.services.visualstudio.com/X |
Source: AgentPackageSystemTools.exe, 0000003A.00000002.2162545344.000001CCB34C2000.00000002.00000001.01000000.00000033.sdmp, Microsoft.ApplicationInsights.dll.14.dr |
String found in binary or memory: https://dc.services.visualstudio.com/api/profiles/ |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2405073679.00000264F6672000.00000002.00000001.01000000.0000004B.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2162545344.000001CCB34C2000.00000002.00000001.01000000.00000033.sdmp |
String found in binary or memory: https://dc.services.visualstudio.com/f |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.0000026480359000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB36AE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://dc.services.visualstudio.com/p |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264802BA000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB36AA000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB363C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://dc.services.visualstudio.com/v2/track |
Source: Microsoft.ApplicationInsights.dll.14.dr |
String found in binary or memory: https://dc.services.visualstudio.com/v2/trackOStartRunnerEvent |
Source: Microsoft.ApplicationInsights.dll.14.dr |
String found in binary or memory: https://dc.services.visualstudio.com/v2/trackvhttps://dc.services.visualstudio.com/api/profiles/ |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264802BA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://dc.services.visualstudio.com8 |
Source: AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB774A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://download.splashtop.com |
Source: AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB7724000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB7746000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB774A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://download.splashtop.com/csrs/Splashtop_Streamer_Win_DEPLOY_INSTALLER_v3.7.2.4.exe |
Source: AgentPackageADRemote.exe, 0000003D.00000002.2179672190.000001E72377C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://get.an |
Source: AgentPackageADRemote.exe, 0000003D.00000002.2179672190.000001E72376D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://get.anydesk.com/8CQsu9kv/AnyDesk_Custom_Client.msi |
Source: AgentPackageADRemote.exe, 0000003D.00000002.2179672190.000001E72377C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://get.anydesk.com/8CQsu9kv/AnyDesk_Custom_Client.msi( |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2381256281.00000264F6352000.00000002.00000001.01000000.00000048.sdmp |
String found in binary or memory: https://github.com/App-vNext/Polly.git |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3752000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33C5000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.1655475807.00000282FE1F2000.00000002.00000001.01000000.00000019.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.1799914480.00000194F1F52000.00000002.00000001.01000000.00000024.sdmp, AgentPackageInternalPoller.exe, 00000031.00000002.2166259653.000002DE74410000.00000002.00000001.01000000.00000036.sdmp, Newtonsoft.Json.dll6.25.dr |
String found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.000002648019F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.0000026480359000.00000004.00000800.00020000.00000000.sdmp, AgentPackageOsUpdates.exe, 00000032.00000002.2405073679.00000264F6672000.00000002.00000001.01000000.0000004B.sdmp |
String found in binary or memory: https://github.com/Microsoft/ApplicationInsights-dotnet |
Source: System.Memory.dll3.25.dr |
String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f |
Source: System.Memory.dll3.25.dr |
String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f8 |
Source: Microsoft.Extensions.Configuration.EnvironmentVariables.dll.25.dr, Microsoft.Extensions.Hosting.dll.25.dr, Microsoft.Extensions.DependencyInjection.dll0.25.dr |
String found in binary or memory: https://github.com/dotnet/runtime |
Source: AteraAgent.exe, 0000000E.00000002.2026188476.000001F5CC1D2000.00000002.00000001.01000000.00000027.sdmp |
String found in binary or memory: https://github.com/icsharpcode/SharpZipLib |
Source: AgentPackageInternalPoller.exe, 00000031.00000002.2218687866.000002DE74772000.00000002.00000001.01000000.0000003D.sdmp |
String found in binary or memory: https://github.com/lextudio/sharpsnmplib.git |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2405073679.00000264F6672000.00000002.00000001.01000000.0000004B.sdmp |
String found in binary or memory: https://github.com/microsoft/ApplicationInsights-dotnet/issues/2560 |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2405073679.00000264F6672000.00000002.00000001.01000000.0000004B.sdmp |
String found in binary or memory: https://monitor.azure.com//.default |
Source: AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB7692000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://my.splashtop.com |
Source: AgentPackageSTRemote.exe, 00000020.00000000.1710763680.000001FCB6AA2000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB7692000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://my.splashtop.com/csrs/win |
Source: AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB7692000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://my.splashtop.comP |
Source: AgentPackageMonitoring.exe, 00000022.00000002.1799785537.00000194F1F48000.00000002.00000001.01000000.00000023.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.1798493130.00000194F1E72000.00000002.00000001.01000000.00000023.sdmp |
String found in binary or memory: https://nlog-project.org/ |
Source: AgentPackageMonitoring.exe, 00000022.00000000.1737446041.00000194F0A92000.00000002.00000001.01000000.0000001C.sdmp |
String found in binary or memory: https://packagesstore.blob.core.windows.net/installers/BitDefender/rmm.zip |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264800D6000.00000004.00000800.00020000.00000000.sdmp, AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.0000026480359000.00000004.00000800.00020000.00000000.sdmp, AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264802BA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://profiler.monitor.azure.com/ |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2405073679.00000264F6672000.00000002.00000001.01000000.0000004B.sdmp |
String found in binary or memory: https://profiler.monitor.azure.com/l |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.0000026480359000.00000004.00000800.00020000.00000000.sdmp, AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264802BA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://profiler.monitor.azure.com/p |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120542000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120566000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/a |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/ag |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3147000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agen |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3362000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.16/AgentPackage |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3362000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.16/AgentPackageA |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3550000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.16/AgentPackageAg |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3538000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.16/AgentPackageAge |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3362000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.16/AgentPackageAgentI |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3550000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3538000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageMonitoring/0.6/AgentPackageMonitoring.zi |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3538000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36BD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageSTRemote/2.8/AgentPackageSTRemote.zip |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3550000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageSTRemote/2.8/AgentPackageSTRemote.ziph |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B316C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120542000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Availability/0.19/Agent.Package.Availability.zip |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Watchdog/2.0/Agent.Package.Watchdog.zip |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageADRemote/6.0/AgentPackageADRemote.zip |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3362000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3538000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageAgentInformation/39.1/AgentPackageAgentInformation |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageHeartbeat/17.11/AgentPackageHeartbeat.zip |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageInternalPoller/13.0/AgentPackageInternalPoller.zip |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageMarketplace/1.6/AgentPackageMarketplace.zip |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3538000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageMonitoring/38.1/AgentPackageMonitoring.zip |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3550000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageMonitoring/38.1/AgentPackageMonitoring.ziph |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageNetworkDiscovery/13.0/AgentPackageNetworkDiscovery |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageOsUpdates/30.3/AgentPackageOsUpdates.zip |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B316C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120542000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageProgramManagement/26.9/AgentPackageProgramManageme |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageRuntimeInstaller/1.5/AgentPackageRuntimeInstaller. |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3538000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageSTRemote/24.4/AgentPackageSTRemote.zip |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3550000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageSTRemote/24.4/AgentPackageSTRemote.ziph |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3147000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageSystemTools/27.12/AgentPackageSystemTools.zip |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageTaskScheduler/13.0/AgentPackageTaskScheduler.zip |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageTicketing/13.0/AgentPackageTicketing.zip |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B316C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120542000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageUpgradeAgent/28.3/AgentPackageUpgradeAgent.zip |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageWindowsUpdate/24.6/AgentPackageWindowsUpdate.zip |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesne |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Availability/0.19/Agent.Package.Availability.z |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/2.0/Agent.Package.Watchdog.zip |
Source: AteraAgent.exe, 00000019.00000002.2726480877.00000241205AD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/2.0/Agent.Package.Watchdog.zip?BBfn7n |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/2.0/Agent.Package.Watchdog.ziptL2Rvd2 |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageADRemote/6.0/AgentPackageADRemote.zip |
Source: AteraAgent.exe, 00000019.00000002.2726480877.00000241205AD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageADRemote/6.0/AgentPackageADRemote.zip?BBfn7nWVYn |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120566000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/39.1/AgentPackageAgentInformati |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120566000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageHeartbeat/17.14/AgentPackageHeartbeat.zip |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120566000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageInternalPoller/23.8/AgentPackageInternalPoller.z |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120566000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMarketplace/1.6/AgentPackageMarketplace.zip |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3538000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120566000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/38.1/AgentPackageMonitoring.zip |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/38.1/AgentPackageMonitoring.zip?BBfn7 |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3550000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/38.1/AgentPackageMonitoring.ziph |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageNetworkDiscovery/23.9/AgentPackageNetworkDiscove |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120566000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageOsUpdates/30.3/AgentPackageOsUpdates.zip |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.00000241206BE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageProgramManagement/26.9/AgentPackageProgramManage |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120500000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageRuntimeInstaller/1.6/AgentPackageRuntimeInstalle |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3538000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120566000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/24.4/AgentPackageSTRemote.zip |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36BD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/24.4/AgentPackageSTRemote.zip?BBfn7nWVY |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3550000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/24.4/AgentPackageSTRemote.ziph |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3147000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120566000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSystemTools/27.12/AgentPackageSystemTools.zip |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTaskScheduler/17.2/AgentPackageTaskScheduler.zip |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120566000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTicketing/30.3/AgentPackageTicketing.zip |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120566000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTicketing/30.3/AgentPackageTicketing.zip?BBfn7nW |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageUpgradeAgent/28.3/AgentPackageUpgradeAgent.zip |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageWindowsUpdate/24.6/AgentPackageWindowsUpdate.zip |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B316C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120542000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.Availability/13.0/Agent.Package.Availability.zip |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.IotPoc/13.0/Agent.Package.IotPoc.zip |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.Watchdog/13.0/Agent.Package.Watchdog.zip |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3538000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackag |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageADRemote/1.2/AgentPackageADRemote.zip |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3362000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3538000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageAgentInformation/22.7/AgentPackageAgentInformation |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageHeartbeat/16.9/AgentPackageHeartbeat.zip |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageInternalPoller/15.9/AgentPackageInternalPoller.zip |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3147000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageMarketplace/13.0/AgentPackageMarketplace.zip |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3550000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3538000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageMonitoring/22.0/AgentPackageMonitoring.zip |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageNetworkDiscovery/15.0/AgentPackageNetworkDiscovery |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageOsUpdates/1.0/AgentPackageOsUpdates.zip |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B316C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120542000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageProgramManagement/15.5/AgentPackageProgramManageme |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageRuntimeInstaller/13.0/AgentPackageRuntimeInstaller |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3550000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageSTRemote/16.0/AgentPackageSTRemote.zip |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3147000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageSystemTools/18.9/AgentPackageSystemTools.zip |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageTaskScheduler/13.1/AgentPackageTaskScheduler.zip |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageTicketing/18.9/AgentPackageTicketing.zip |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B316C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120542000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageUpgradeAgent/22.1/AgentPackageUpgradeAgent.zip |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageWindowsUpdate/18.3/AgentPackageWindowsUpdate.zip |
Source: AgentPackageTicketing.exe, 0000002F.00000002.2680543231.0000022C8007F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/installers/EO.WebBrowser/eo.webbrowser.24.1.46.nupkgX |
Source: AgentPackageSTRemote.exe, 00000020.00000000.1710763680.000001FCB6AA2000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB7692000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.atera.com/installers/splashtop/win/SplashtopStreamer.exe |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3517000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36CE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3378000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120FFE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120EB3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120E9D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120BA3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.pndsn |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3517000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36CE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31A1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3378000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120FFE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120EB3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120C04000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F05000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120500000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120E9D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120BA3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.pndsn.com |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=04c419ce-8fcd-49f9-be24-0663224247f8 |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B32B6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=231e6881-379a-45eb-aedc-4edc31c26941 |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31A1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=29b188da-3276-49e4-a874-132f79b96e1c |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36BD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=33fac9c2-af36-43d8-b9fc-9310f16f1bd1 |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120500000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=43b2efef-6888-4dd5-8d1b-ad938e90a3c0 |
Source: AteraAgent.exe, 00000019.00000002.2726480877.00000241205AD000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=575db6d6-acb6-4b36-b64c-dc6e16284ee1 |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3517000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=5a6e0109-47cb-4613-b1ad-bafddd1f0e02 |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3378000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8ac4e392-2445-4b64-9529-422c90532705 |
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=a49f00b6-cd3a-432b-977d-ed047bcba6b2 |
Source: AteraAgent.exe, 00000019.00000002.2726480877.00000241206B8000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ab0deb13-b4ac-4f5b-b624-1f88ee6800cc |
Source: AteraAgent.exe, 00000019.00000002.2726480877.00000241207D6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=af32ba86-f2e1-4bd5-8642-e9ef40e9422b |
Source: AteraAgent.exe, 00000019.00000002.2726480877.00000241207D6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=cfc0470e-8429-469b-9d80-d76afb8504d6 |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120BA3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=f454c076-9f1f-4d1c-aa37-f829172df9d3 |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120E9D000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.pndsn.com/v2 |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120BA3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.pndsn.com/v2/presence/sub_k |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120E9D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120BA3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/91d65b6a |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120FC0000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.pndsn.com/v2/subscrib |
Source: AteraAgent.exe, 00000019.00000002.2726480877.00000241207D6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.pndsn.com/v2/subscribe/su |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120E30000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-b |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120566000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c- |
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120BA3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120FC0000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/91d65b6a-c69b-4419-a93a |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264802BA000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB363C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://rt.services.visualstudio.com/ |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2405073679.00000264F6672000.00000002.00000001.01000000.0000004B.sdmp |
String found in binary or memory: https://rt.services.visualstudio.com/l |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.0000026480359000.00000004.00000800.00020000.00000000.sdmp, AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264802BA000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2162545344.000001CCB34C2000.00000002.00000001.01000000.00000033.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB36AE000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB363C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://rt.services.visualstudio.com/p |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264802BA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://snapshot.monitor |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264800D6000.00000004.00000800.00020000.00000000.sdmp, AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.0000026480359000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://snapshot.monitor.azure.com/ |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2405073679.00000264F6672000.00000002.00000001.01000000.0000004B.sdmp |
String found in binary or memory: https://snapshot.monitor.azure.com/& |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.0000026480359000.00000004.00000800.00020000.00000000.sdmp, AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264802BA000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://snapshot.monitor.azure.com/p |
Source: AgentPackageMonitoring.exe, 00000022.00000002.1801345102.00000194F2012000.00000002.00000001.01000000.00000025.sdmp |
String found in binary or memory: https://system.data.sqlite.org/ |
Source: AgentPackageMonitoring.exe, 00000022.00000002.1802279327.00000194F2074000.00000002.00000001.01000000.00000025.sdmp |
String found in binary or memory: https://system.data.sqlite.org/X |
Source: AgentPackageMonitoring.exe, 00000022.00000002.1801345102.00000194F2012000.00000002.00000001.01000000.00000025.sdmp |
String found in binary or memory: https://urn.to/r/sds_see |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.0000026480359000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://westeurope-5.in.applicationinsights.azure.co |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.0000026480359000.00000004.00000800.00020000.00000000.sdmp, AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264801B7000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB36AE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://westeurope-5.in.applicationinsights.azure.com |
Source: AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB36AE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://westeurope-5.in.applicationinsights.azure.com/ |
Source: AgentPackageOsUpdates.exe, 00000032.00000000.2058477375.00000264F5232000.00000002.00000001.01000000.0000002A.sdmp, AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.000002648026B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB35C1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSystemTools.exe, 0000003A.00000000.2100922573.000001CCB2C22000.00000002.00000001.01000000.0000002D.sdmp |
String found in binary or memory: https://westeurope-5.in.applicationinsights.azure.com/;LiveEndpoint=https://westeurope.livediagnosti |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.0000026480359000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB36AE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://westeurope-5.in.applicationinsights.azure.com/api/profiles/ |
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264800D6000.00000004.00000800.00020000.00000000.sdmp, AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.0000026480359000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB36AE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://westeurope-5.in.applicationinsights.azure.com/v2/track |
Source: AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB36AE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://westeurope.livediagnostics.monitor.azure.com/ |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, Nota-fiscal2.1.msi |
String found in binary or memory: https://www.digicert.com/CPS0 |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.newtonsoft.com/json |
Source: Newtonsoft.Json.dll6.25.dr |
String found in binary or memory: https://www.newtonsoft.com/jsonschema |
Source: AgentPackageMonitoring.exe, 00000022.00000002.1799785537.00000194F1F48000.00000002.00000001.01000000.00000023.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.1798493130.00000194F1E72000.00000002.00000001.01000000.00000023.sdmp |
String found in binary or memory: https://www.nuget.org/packages/NLog.Web.AspNetCore |
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3752000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33C5000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.1655475807.00000282FE1F2000.00000002.00000001.01000000.00000019.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.1799914480.00000194F1F52000.00000002.00000001.01000000.00000024.sdmp, AgentPackageInternalPoller.exe, 00000031.00000002.2166259653.000002DE74410000.00000002.00000001.01000000.00000036.sdmp, AgentPackageMarketplace.exe, 00000039.00000002.2374121318.000001AFDE1D2000.00000002.00000001.01000000.00000045.sdmp, Newtonsoft.Json.dll6.25.dr |
String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson |
Source: AgentPackageMonitoring.exe |
String found in binary or memory: https://www.sqlite.org/copyright.html |
Source: AgentPackageMonitoring.exe, 00000022.00000002.1820211384.00007FFBA3BC4000.00000002.00000001.01000000.0000001D.sdmp, SQLite.Interop.dll.14.dr |
String found in binary or memory: https://www.sqlite.org/copyright.html2 |