Windows Analysis Report
Nota-fiscal2.1.msi

Overview

General Information

Sample name: Nota-fiscal2.1.msi
Analysis ID: 1606867
MD5: 6032d2452e05a12f1449182deb3ab258
SHA1: 03a992f9020a003fe86e477ac28698afc16a73d3
SHA256: 394659c01bd981c3a4d5840fbd624c20e3270c9defc432ff3fe6ddb482b5ad46
Tags: msi, user-malrpt

Detection

AteraAgent
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected AteraAgent
Creates files in the system32 config directory
Installs Task Scheduler Managed Wrapper
Joe Sandbox ML detected suspicious sample
Queries disk data (e.g. SMART data)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive service information (via WMI, MSSMBios_RawSMBiosTables, often done to detect sandboxes)
Queries sensitive service information (via WMI, WIN32_SERVICE, often done to detect sandboxes)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Queries sensitive sound device information (via WMI, Win32_SoundDevice, often done to detect virtual machines)
Reads the Security eventlog
Reads the System eventlog
Sample is not signed and drops a device driver
Sigma detected: Rare Remote Thread Creation By Uncommon Source Image
Sigma detected: Suspicious Script Execution From Temp Folder
Writes many files with high entropy
Yara detected Generic Downloader
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for available system drives (often done to infect USB drives)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Is looking for software installed on the system
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries disk information (often used to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the product ID of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores large binary data to the registry
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses net.exe to stop services
Uses taskkill to terminate processes
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

AV Detection

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Virustotal: Detection: 25%
Source: Nota-fiscal2.1.msi Virustotal: Detection: 19%
Source: Nota-fiscal2.1.msi ReversingLabs: Detection: 28%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 99.0% probability
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 34_2_00007FFBA3A34BC0 CryptAcquireContextW,GetLastError,CryptReleaseContext,CryptReleaseContext,CryptReleaseContext, 34_2_00007FFBA3A34BC0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 34_2_00007FFBA3A34E20 CryptCreateHash,GetLastError,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptEncrypt,GetLastError,CryptDecrypt,GetLastError,CryptDestroyKey,CryptDestroyHash, 34_2_00007FFBA3A34E20
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 34_2_00007FFBA3A34DE0 CryptReleaseContext, 34_2_00007FFBA3A34DE0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\InstallUtil.InstallLog
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\vista\license.txt
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\vista64\license.txt
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\xp\license.txt
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\xp64\license.txt
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Windows\System32\cscript.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:

Networking

Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 40.119.152.241 443
Source: Yara match File source: 19.0.AgentPackageAgentInformation.exe.282e5050000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\netstandard.dll, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.Utils.dll, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.Utils.dll, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\chocolatey.dll, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\choco.exe, type: DROPPED
Source: AteraAgent.exe, 00000019.00000002.2726480877.00000241206BE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENT.PACKAGE.AVAILABILITY/0.19/AGENT.PACKAGE.AVAILABILITY.Z
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEAGENTINFORMATION/39.1/AGENTPACKAGEAGENTINFORMATI
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEMONITORING/38.1/AGENTPACKAGEMONITORING.ZIP
Source: AteraAgent.exe, 00000019.00000002.2726480877.00000241206BE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEPROGRAMMANAGEMENT/26.9/AGENTPACKAGEPROGRAMMANAGE
Source: AteraAgent.exe, 00000019.00000002.2726480877.00000241205AD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGERUNTIMEINSTALLER/1.6/AGENTPACKAGERUNTIMEINSTALLE
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGESTREMOTE/24.4/AGENTPACKAGESTREMOTE.ZIP
Source: AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB7724000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a6dc35606b2c6816e.awsglobalaccelerator.com
Source: AteraAgent.exe, 0000000D.00000000.1502628326.0000027814962000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B30F1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.00000241204A1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://acontrol.atera.com/
Source: AgentPackageAgentInformation.exe, 0000002B.00000002.2379974858.0000024E00145000.00000004.00000800.00020000.00000000.sdmp, AgentPackageInternalPoller.exe, 00000031.00000002.2135024435.000002DE5BC90000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000037.00000002.2375521044.000002940D037000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000037.00000002.2375521044.000002940CF1A000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMarketplace.exe, 00000039.00000002.2292283172.000001AFC5A32000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMarketplace.exe, 00000039.00000002.2292283172.000001AFC5ACE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://agent-api.atera.com
Source: rundll32.exe, 00000005.00000002.1473960620.0000000004915000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3517000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B347C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3378000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3752000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36BD000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.1588990529.00000000049C5000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.1653378207.00000282E5C15000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1653665388.0000021213C45000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120FA8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120BA3000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1894903802.0000021E53FE9000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1894903802.0000021E53EDE000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1894903802.0000021E53F73000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.1778954341.00000194805A2000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000002B.00000002.2379974858.0000024E00145000.00000004.00000800.00020000.00000000.sdmp, AgentPackageInternalPoller.exe, 
00000031.00000002.2135024435.000002DE5BC90000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000037.00000002.2375521044.000002940D037000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 00000037.00000002.2375521044.000002940CF1A000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMarketplace.exe, 00000039.00000002.2292283172.000001AFC5A32000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://atera-agent-api-eu.westeurope.cloudapp.azure.com
Source: AgentPackageHeartbeat.exe, 00000035.00000002.2162325425.000001CA9F71D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://atera-agent-heartbeat-cus.servicebus.windows.net
Source: AteraAgent.exe, 0000000D.00000002.1537165343.00000278166C9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.1538019945.000002782EDD0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.1540158114.000002782F0A9000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2024453951.000001F5CBE25000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2024836617.000001F5CBE7B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2026890111.000001F5CC2EA000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2017961247.000001F5CB9A8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBD9F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B37EC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3752000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33C5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.000002413921E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139183000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.000002413923F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139173000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.0000024139218000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3034482348.0000024138E49000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3048652033.000002413910B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3048652033.00000241390B6000.00000004.00000020.00020000.00000000.sdmp, 
AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB7742000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB77C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: AteraAgent.exe, 0000000D.00000002.1538019945.000002782EEAB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl3
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl8
Source: AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBD9F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl:
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, Nota-fiscal2.1.msi String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0=
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, Nota-fiscal2.1.msi String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: AteraAgent.exe, 0000000D.00000002.1540158114.000002782F09A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com:80/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Source: AteraAgent.exe, 00000019.00000002.3063401786.0000024139173000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.iCertTrustedG4Co842021CA1.cr
Source: AteraAgent.exe, 00000019.00000002.3063401786.0000024139173000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crlertTrustedG4eStampingCA.crl0
Source: AteraAgent.exe, 00000019.00000002.2693235801.000002411FC2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/
Source: AteraAgent.exe, 00000019.00000002.2693235801.000002411FC2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/13
Source: AteraAgent.exe, 00000019.00000002.2693235801.000002411FC2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/e
Source: AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBD9F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabion
Source: AteraAgent.exe, 00000019.00000002.3034482348.0000024138EEA000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3034482348.0000024138E10000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3048652033.00000241390B6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
Source: AteraAgent.exe, 00000019.00000002.3064408544.00000241391BD000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3034482348.0000024138E49000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?46214fc
Source: AteraAgent.exe, 00000019.00000002.3048652033.000002413910B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4af06e5
Source: AteraAgent.exe, 00000019.00000002.3034482348.0000024138E49000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?84dee2f
Source: AteraAgent.exe, 00000019.00000002.3048652033.0000024139050000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3048652033.000002413910B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?aa13a83
Source: AteraAgent.exe, 00000019.00000002.3048652033.000002413910B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?ee7937b
Source: AteraAgent.exe, 00000019.00000002.3048652033.00000241390DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.caba
Source: AteraAgent.exe, 00000019.00000002.3064408544.00000241391C3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cabb
Source: AteraAgent.exe, 00000019.00000002.3048652033.00000241390DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cabj
Source: AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBDF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enb
Source: AteraAgent.exe, 00000019.00000002.2693235801.000002411FC2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/p
Source: AteraAgent.exe, 00000019.00000002.3048652033.000002413910B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3543
Source: AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB7766000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://d17kmd0va0f0mp.cloudfront.net
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://d25btwd9wax8gu.cloudfront.net
Source: AgentPackageAgentInformation.exe, 00000013.00000000.1628585052.00000282E5052000.00000002.00000001.01000000.00000016.sdmp String found in binary or memory: http://dl.google.com/googletalk/googletalk-setup.exe
Source: AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB7766000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://download.splashtop.com
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264801E1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://gig-ai-prod-weur-0-app-v4-tag.westeurope.cloudapp.azure.com
Source: Newtonsoft.Json.dll6.25.dr String found in binary or memory: http://james.newtonking.com/projects/json
Source: AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB7724000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://my.splashtop.com
Source: AgentPackageMonitoring.exe, 00000022.00000002.1798493130.00000194F1E72000.00000002.00000001.01000000.00000023.sdmp String found in binary or memory: http://nlog-project.org/dummynamespace/
Source: AgentPackageMonitoring.exe, 00000022.00000002.1798493130.00000194F1E72000.00000002.00000001.01000000.00000023.sdmp String found in binary or memory: http://nlog-project.org/ws/
Source: AgentPackageMonitoring.exe, 00000022.00000002.1798493130.00000194F1E72000.00000002.00000001.01000000.00000023.sdmp String found in binary or memory: http://nlog-project.org/ws/3
Source: AgentPackageMonitoring.exe, 00000022.00000002.1798493130.00000194F1E72000.00000002.00000001.01000000.00000023.sdmp String found in binary or memory: http://nlog-project.org/ws/5
Source: AgentPackageMonitoring.exe, 00000022.00000002.1798493130.00000194F1E72000.00000002.00000001.01000000.00000023.sdmp String found in binary or memory: http://nlog-project.org/ws/ILogReceiverOneWayServer/ProcessLogMessages
Source: AgentPackageMonitoring.exe, 00000022.00000002.1798493130.00000194F1E72000.00000002.00000001.01000000.00000023.sdmp String found in binary or memory: http://nlog-project.org/ws/ILogReceiverServer/ProcessLogMessagesResponsep
Source: AgentPackageMonitoring.exe, 00000022.00000002.1798493130.00000194F1E72000.00000002.00000001.01000000.00000023.sdmp String found in binary or memory: http://nlog-project.org/ws/ILogReceiverServer/ProcessLogMessagesT
Source: AgentPackageMonitoring.exe, 00000022.00000002.1798493130.00000194F1E72000.00000002.00000001.01000000.00000023.sdmp String found in binary or memory: http://nlog-project.org/ws/T
Source: AgentPackageHeartbeat.exe, 00000035.00000002.2162325425.000001CA9F71D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ns-prod-dm2-az501.centralus.cloudapp.azure.com
Source: AteraAgent.exe, 00000019.00000002.3048652033.00000241390B6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.c
Source: AteraAgent.exe, 00000019.00000002.3048652033.00000241390B6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.cLcK
Source: AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBDF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com/
Source: AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBDF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rh
Source: AteraAgent.exe, 0000000D.00000002.1538019945.000002782EDD0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.1536126952.0000027814ABF000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2017961247.000001F5CB9A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxX
Source: AteraAgent.exe, 0000000D.00000002.1537165343.00000278166C9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.1538019945.000002782EDD0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.1540158114.000002782F0A9000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3517000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2024453951.000001F5CBE25000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2024836617.000001F5CBE7B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2026890111.000001F5CC2EA000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2017961247.000001F5CB9A8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBD9F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B37EC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B347C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3752000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B378D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33C5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33FF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.000002413921E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120E30000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120C5C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 
00000019.00000002.2726480877.0000024120C04000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139183000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2017961247.000001F5CB982000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2024836617.000001F5CBE7B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2026890111.000001F5CC2EA000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBD9F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B37EC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3752000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33C5000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.1657300940.00000282FE33B000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.1657300940.00000282FE305000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1657823398.000002122C252000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000015.00000002.1657823398.000002122C2C6000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.000002413921E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.0000024139203000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139183000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 
00000019.00000002.3064408544.000002413923F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3034482348.0000024138E10000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139173000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0A
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2024836617.000001F5CBE7B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2017961247.000001F5CB9A8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B37EC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3752000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33C5000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.000002413921E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.0000024139203000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139183000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139173000.00000004.00000020.00020000.00000000.sdmp, Nota-fiscal2.1.msi, SQLite.Interop.dll.14.dr, System.Memory.dll3.25.dr, Microsoft.ApplicationInsights.dll.14.dr, Microsoft.Extensions.Configuration.EnvironmentVariables.dll.25.dr, System.Runtime.CompilerServices.Unsafe.dll5.25.dr, Microsoft.Extensions.Hosting.dll.25.dr, Agent.Package.Availability.exe.25.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, Nota-fiscal2.1.msi String found in binary or memory: http://ocsp.digicert.com0K
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, Nota-fiscal2.1.msi String found in binary or memory: http://ocsp.digicert.com0N
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, Nota-fiscal2.1.msi String found in binary or memory: http://ocsp.digicert.com0O
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.1538019945.000002782EDD0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1977772959.000001F5B2A57000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2024836617.000001F5CBE7B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B37EC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3752000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33C5000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.000002413921E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139183000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3064408544.000002413923F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3063401786.0000024139173000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3048652033.000002413910B000.00000004.00000020.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB7742000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB77C2000.00000004.00000800.00020000.00000000.sdmp, Nota-fiscal2.1.msi, SQLite.Interop.dll.14.dr, System.Memory.dll3.25.dr, Microsoft.ApplicationInsights.dll.14.dr String found in binary or memory: http://ocsp.digicert.com0X
Source: AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBDF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRS
Source: AteraAgent.exe, 0000000D.00000002.1538019945.000002782EE53000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2017961247.000001F5CB9A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com:80/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF
Source: AteraAgent.exe, 0000000D.00000002.1538019945.000002782EDD0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
Source: AteraAgent.exe, 0000000E.00000002.2017961247.000001F5CB9A8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.2021893094.000001F5CBD80000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3048652033.0000024139050000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.cr
Source: AteraAgent.exe, 0000000E.00000002.2024453951.000001F5CBE2B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.3034482348.0000024138E49000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crl
Source: stvideo.dll.2.dr, hidkmdf.sys.2.dr String found in binary or memory: http://ocsp.thawte.com0
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ps.atera.com
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3517000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3378000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120C04000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F05000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120BA3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ps.pndsn.com
Source: stvideo.dll.2.dr String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: stvideo.dll.2.dr String found in binary or memory: http://s2.symcb.com0
Source: AteraAgent.exe, 0000000D.00000002.1537165343.00000278166C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org
Source: AteraAgent.exe, 0000000D.00000002.1537165343.00000278166C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/
Source: AteraAgent.exe, 0000000D.00000002.1537165343.00000278166C9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceProcess
Source: AgentPackageMonitoring.exe, 00000022.00000002.1798493130.00000194F1E72000.00000002.00000001.01000000.00000023.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB7692000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://my.splashtop.comP
Source: AgentPackageMonitoring.exe, 00000022.00000002.1799785537.00000194F1F48000.00000002.00000001.01000000.00000023.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.1798493130.00000194F1E72000.00000002.00000001.01000000.00000023.sdmp String found in binary or memory: https://nlog-project.org/
Source: AgentPackageMonitoring.exe, 00000022.00000000.1737446041.00000194F0A92000.00000002.00000001.01000000.0000001C.sdmp String found in binary or memory: https://packagesstore.blob.core.windows.net/installers/BitDefender/rmm.zip
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264800D6000.00000004.00000800.00020000.00000000.sdmp, AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.0000026480359000.00000004.00000800.00020000.00000000.sdmp, AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264802BA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://profiler.monitor.azure.com/
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2405073679.00000264F6672000.00000002.00000001.01000000.0000004B.sdmp String found in binary or memory: https://profiler.monitor.azure.com/l
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.0000026480359000.00000004.00000800.00020000.00000000.sdmp, AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264802BA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://profiler.monitor.azure.com/p
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120542000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120566000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/a
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/ag
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3147000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agen
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3362000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.16/AgentPackage
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3362000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.16/AgentPackageA
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3550000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.16/AgentPackageAg
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3538000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.16/AgentPackageAge
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3362000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.16/AgentPackageAgentI
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3550000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3538000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageMonitoring/0.6/AgentPackageMonitoring.zi
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3538000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36BD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageSTRemote/2.8/AgentPackageSTRemote.zip
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3550000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageSTRemote/2.8/AgentPackageSTRemote.ziph
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B316C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120542000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Availability/0.19/Agent.Package.Availability.zip
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Watchdog/2.0/Agent.Package.Watchdog.zip
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageADRemote/6.0/AgentPackageADRemote.zip
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3362000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3538000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageAgentInformation/39.1/AgentPackageAgentInformation
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageHeartbeat/17.11/AgentPackageHeartbeat.zip
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageInternalPoller/13.0/AgentPackageInternalPoller.zip
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageMarketplace/1.6/AgentPackageMarketplace.zip
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3538000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageMonitoring/38.1/AgentPackageMonitoring.zip
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3550000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageMonitoring/38.1/AgentPackageMonitoring.ziph
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageNetworkDiscovery/13.0/AgentPackageNetworkDiscovery
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageOsUpdates/30.3/AgentPackageOsUpdates.zip
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B316C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120542000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageProgramManagement/26.9/AgentPackageProgramManageme
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageRuntimeInstaller/1.5/AgentPackageRuntimeInstaller.
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3538000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageSTRemote/24.4/AgentPackageSTRemote.zip
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3550000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageSTRemote/24.4/AgentPackageSTRemote.ziph
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3147000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageSystemTools/27.12/AgentPackageSystemTools.zip
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageTaskScheduler/13.0/AgentPackageTaskScheduler.zip
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageTicketing/13.0/AgentPackageTicketing.zip
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B316C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120542000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageUpgradeAgent/28.3/AgentPackageUpgradeAgent.zip
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageWindowsUpdate/24.6/AgentPackageWindowsUpdate.zip
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesne
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Availability/0.19/Agent.Package.Availability.z
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/2.0/Agent.Package.Watchdog.zip
Source: AteraAgent.exe, 00000019.00000002.2726480877.00000241205AD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/2.0/Agent.Package.Watchdog.zip?BBfn7n
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/2.0/Agent.Package.Watchdog.ziptL2Rvd2
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageADRemote/6.0/AgentPackageADRemote.zip
Source: AteraAgent.exe, 00000019.00000002.2726480877.00000241205AD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageADRemote/6.0/AgentPackageADRemote.zip?BBfn7nWVYn
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120566000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/39.1/AgentPackageAgentInformati
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120566000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageHeartbeat/17.14/AgentPackageHeartbeat.zip
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120566000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageInternalPoller/23.8/AgentPackageInternalPoller.z
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120566000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMarketplace/1.6/AgentPackageMarketplace.zip
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3538000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120566000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/38.1/AgentPackageMonitoring.zip
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/38.1/AgentPackageMonitoring.zip?BBfn7
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3550000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/38.1/AgentPackageMonitoring.ziph
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageNetworkDiscovery/23.9/AgentPackageNetworkDiscove
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120566000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageOsUpdates/30.3/AgentPackageOsUpdates.zip
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.00000241206BE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageProgramManagement/26.9/AgentPackageProgramManage
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120500000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageRuntimeInstaller/1.6/AgentPackageRuntimeInstalle
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3538000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120566000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/24.4/AgentPackageSTRemote.zip
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36BD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/24.4/AgentPackageSTRemote.zip?BBfn7nWVY
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3550000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/24.4/AgentPackageSTRemote.ziph
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3147000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120566000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSystemTools/27.12/AgentPackageSystemTools.zip
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTaskScheduler/17.2/AgentPackageTaskScheduler.zip
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120566000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTicketing/30.3/AgentPackageTicketing.zip
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120566000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTicketing/30.3/AgentPackageTicketing.zip?BBfn7nW
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageUpgradeAgent/28.3/AgentPackageUpgradeAgent.zip
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageWindowsUpdate/24.6/AgentPackageWindowsUpdate.zip
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B316C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120542000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.Availability/13.0/Agent.Package.Availability.zip
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.IotPoc/13.0/Agent.Package.IotPoc.zip
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.Watchdog/13.0/Agent.Package.Watchdog.zip
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3538000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackag
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageADRemote/1.2/AgentPackageADRemote.zip
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3362000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3538000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageAgentInformation/22.7/AgentPackageAgentInformation
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageHeartbeat/16.9/AgentPackageHeartbeat.zip
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageInternalPoller/15.9/AgentPackageInternalPoller.zip
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3147000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageMarketplace/13.0/AgentPackageMarketplace.zip
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3550000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3538000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageMonitoring/22.0/AgentPackageMonitoring.zip
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageNetworkDiscovery/15.0/AgentPackageNetworkDiscovery
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageOsUpdates/1.0/AgentPackageOsUpdates.zip
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B316C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120542000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageProgramManagement/15.5/AgentPackageProgramManageme
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageRuntimeInstaller/13.0/AgentPackageRuntimeInstaller
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B35B5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3550000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageSTRemote/16.0/AgentPackageSTRemote.zip
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3147000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageSystemTools/18.9/AgentPackageSystemTools.zip
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageTaskScheduler/13.1/AgentPackageTaskScheduler.zip
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageTicketing/18.9/AgentPackageTicketing.zip
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B316C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120542000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageUpgradeAgent/22.1/AgentPackageUpgradeAgent.zip
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageWindowsUpdate/18.3/AgentPackageWindowsUpdate.zip
Source: AgentPackageTicketing.exe, 0000002F.00000002.2680543231.0000022C8007F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/installers/EO.WebBrowser/eo.webbrowser.24.1.46.nupkgX
Source: AgentPackageSTRemote.exe, 00000020.00000000.1710763680.000001FCB6AA2000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageSTRemote.exe, 00000020.00000002.2700364613.000001FCB7692000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/installers/splashtop/win/SplashtopStreamer.exe
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3517000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36CE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3378000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120FFE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120EB3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120E9D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120BA3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3517000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36CE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31A1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3378000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36BD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120FFE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120EB3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120C04000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F05000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120F11000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120500000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120E9D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120BA3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=04c419ce-8fcd-49f9-be24-0663224247f8
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B32B6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=231e6881-379a-45eb-aedc-4edc31c26941
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31A1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=29b188da-3276-49e4-a874-132f79b96e1c
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B36BD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=33fac9c2-af36-43d8-b9fc-9310f16f1bd1
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120500000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=43b2efef-6888-4dd5-8d1b-ad938e90a3c0
Source: AteraAgent.exe, 00000019.00000002.2726480877.00000241205AD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=575db6d6-acb6-4b36-b64c-dc6e16284ee1
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3517000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=5a6e0109-47cb-4613-b1ad-bafddd1f0e02
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3378000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8ac4e392-2445-4b64-9529-422c90532705
Source: AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B31FE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=a49f00b6-cd3a-432b-977d-ed047bcba6b2
Source: AteraAgent.exe, 00000019.00000002.2726480877.00000241206B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ab0deb13-b4ac-4f5b-b624-1f88ee6800cc
Source: AteraAgent.exe, 00000019.00000002.2726480877.00000241207D6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=af32ba86-f2e1-4bd5-8642-e9ef40e9422b
Source: AteraAgent.exe, 00000019.00000002.2726480877.00000241207D6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=cfc0470e-8429-469b-9d80-d76afb8504d6
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120BA3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=f454c076-9f1f-4d1c-aa37-f829172df9d3
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120E9D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/v2
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120BA3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/v2/presence/sub_k
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120E9D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120BA3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/91d65b6a
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120898000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120FC0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/v2/subscrib
Source: AteraAgent.exe, 00000019.00000002.2726480877.00000241207D6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/v2/subscribe/su
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120E30000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-b
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120566000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-
Source: AteraAgent.exe, 00000019.00000002.2726480877.0000024120BA3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000019.00000002.2726480877.0000024120FC0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/91d65b6a-c69b-4419-a93a
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264802BA000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB363C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rt.services.visualstudio.com/
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2405073679.00000264F6672000.00000002.00000001.01000000.0000004B.sdmp String found in binary or memory: https://rt.services.visualstudio.com/l
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.0000026480359000.00000004.00000800.00020000.00000000.sdmp, AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264802BA000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2162545344.000001CCB34C2000.00000002.00000001.01000000.00000033.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB36AE000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB363C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rt.services.visualstudio.com/p
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264802BA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://snapshot.monitor
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264800D6000.00000004.00000800.00020000.00000000.sdmp, AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.0000026480359000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://snapshot.monitor.azure.com/
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2405073679.00000264F6672000.00000002.00000001.01000000.0000004B.sdmp String found in binary or memory: https://snapshot.monitor.azure.com/&
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.0000026480359000.00000004.00000800.00020000.00000000.sdmp, AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264802BA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://snapshot.monitor.azure.com/p
Source: AgentPackageMonitoring.exe, 00000022.00000002.1801345102.00000194F2012000.00000002.00000001.01000000.00000025.sdmp String found in binary or memory: https://system.data.sqlite.org/
Source: AgentPackageMonitoring.exe, 00000022.00000002.1802279327.00000194F2074000.00000002.00000001.01000000.00000025.sdmp String found in binary or memory: https://system.data.sqlite.org/X
Source: AgentPackageMonitoring.exe, 00000022.00000002.1801345102.00000194F2012000.00000002.00000001.01000000.00000025.sdmp String found in binary or memory: https://urn.to/r/sds_see
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.0000026480359000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://westeurope-5.in.applicationinsights.azure.co
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.0000026480359000.00000004.00000800.00020000.00000000.sdmp, AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264801B7000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB36AE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://westeurope-5.in.applicationinsights.azure.com
Source: AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB36AE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://westeurope-5.in.applicationinsights.azure.com/
Source: AgentPackageOsUpdates.exe, 00000032.00000000.2058477375.00000264F5232000.00000002.00000001.01000000.0000002A.sdmp, AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.000002648026B000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB35C1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSystemTools.exe, 0000003A.00000000.2100922573.000001CCB2C22000.00000002.00000001.01000000.0000002D.sdmp String found in binary or memory: https://westeurope-5.in.applicationinsights.azure.com/;LiveEndpoint=https://westeurope.livediagnosti
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.0000026480359000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB36AE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://westeurope-5.in.applicationinsights.azure.com/api/profiles/
Source: AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.00000264800D6000.00000004.00000800.00020000.00000000.sdmp, AgentPackageOsUpdates.exe, 00000032.00000002.2215101053.0000026480359000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB36AE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://westeurope-5.in.applicationinsights.azure.com/v2/track
Source: AgentPackageSystemTools.exe, 0000003A.00000002.2168508955.000001CCB36AE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://westeurope.livediagnostics.monitor.azure.com/
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, Nota-fiscal2.1.msi String found in binary or memory: https://www.digicert.com/CPS0
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.newtonsoft.com/json
Source: Newtonsoft.Json.dll6.25.dr String found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: AgentPackageMonitoring.exe, 00000022.00000002.1799785537.00000194F1F48000.00000002.00000001.01000000.00000023.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.1798493130.00000194F1E72000.00000002.00000001.01000000.00000023.sdmp String found in binary or memory: https://www.nuget.org/packages/NLog.Web.AspNetCore
Source: rundll32.exe, 00000004.00000003.1426410096.0000000004E58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1439934966.0000000004706000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1477251410.000000000494E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B3752000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000E.00000002.1984148358.000001F5B33C5000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000011.00000003.1543903051.00000000047D4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000013.00000002.1655475807.00000282FE1F2000.00000002.00000001.01000000.00000019.sdmp, AgentPackageMonitoring.exe, 00000022.00000002.1799914480.00000194F1F52000.00000002.00000001.01000000.00000024.sdmp, AgentPackageInternalPoller.exe, 00000031.00000002.2166259653.000002DE74410000.00000002.00000001.01000000.00000036.sdmp, AgentPackageMarketplace.exe, 00000039.00000002.2374121318.000001AFDE1D2000.00000002.00000001.01000000.00000045.sdmp, Newtonsoft.Json.dll6.25.dr String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
Source: AgentPackageMonitoring.exe String found in binary or memory: https://www.sqlite.org/copyright.html
Source: AgentPackageMonitoring.exe, 00000022.00000002.1820211384.00007FFBA3BC4000.00000002.00000001.01000000.0000001D.sdmp, SQLite.Interop.dll.14.dr String found in binary or memory: https://www.sqlite.org/copyright.html2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_93E8F0A6DF0B1F1414474691911362FC
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BA74182F76F15A9CF514DEF352303C95
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4