Windows Analysis Report
AGLCStructuredSettlementsInstaller.exe

Overview

General Information

Sample name: AGLCStructuredSettlementsInstaller.exe
Analysis ID: 1428780
MD5: a53cb926ff7c4af575102bc08594327f
SHA1: 03d6a95e1eec98cf7eaebe508166700748b153ea
SHA256: f7139b8276726858e5f3e05939e012506beec45c93a062ea6469bfb76bd1958a

Detection

Score: 25
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Yara detected Generic Downloader
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
  • System is w10x64
  • AGLCStructuredSettlementsInstaller.exe (PID: 6704 cmdline: "C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe" MD5: A53CB926FF7C4AF575102BC08594327F)
    • AGLCStructuredSettlementsInstaller.exe (PID: 5796 cmdline: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe /q"C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe" /tempdisk1folder"C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}" /IS_temp MD5: A53CB926FF7C4AF575102BC08594327F)
      • msiexec.exe (PID: 2128 cmdline: "C:\Windows\system32\MSIEXEC.EXE" /i "C:\Users\user\AppData\Local\Downloaded Installations\{2DAE1BFB-6F68-4AD8-A074-1F290D098EE1}\Structured Settlements.msi" SETUPEXEDIR="C:\Users\user\Desktop" SETUPEXENAME="AGLCStructuredSettlementsInstaller.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • cmd.exe (PID: 1136 cmdline: "C:\Windows\system32\cmd.exe" /c rmdir /s /q "C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 2664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • msiexec.exe (PID: 3164 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
  • cleanup
No configs have been found
Yara match:
    Source: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\TallComponents.PDF.Controls.WinForms.dll
    Rule: JoeSecurity_GenericDownloader_1
    Description: Yara detected Generic Downloader
    Author: Joe Security
    No Sigma rule has matched
    No Snort rule has matched

    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: 0_2_00E452B0 CryptDestroyKey
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: 0_2_00E454D4 CryptAcquireContextW,CryptReleaseContext,CryptDestroyHash
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: 0_2_00E45457 CoCreateGuid,StringFromGUID2,CryptAcquireContextW,CryptCreateHash
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe Code function: 1_2_003A52B0 CryptDestroyKey
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe Code function: 1_2_003A5457 CoCreateGuid,StringFromGUID2,CryptAcquireContextW,CryptCreateHash
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe Code function: 1_2_003A54D4 CryptAcquireContextW,CryptReleaseContext,CryptDestroyHash
    Source: AGLCStructuredSettlementsInstaller.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\EULA.rtf
    Source: AGLCStructuredSettlementsInstaller.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: Binary string: c:\Projects\12.2\BuildLabel\Temp\NetStudio.v12.2.2005\Win\DevExpress.Office\DevExpress.Office.Core\obj\Release\DevExpress.Office.v12.2.Core.pdb source: DevExpress.Office.v12.2.Core.dll.3.dr
    Source: Binary string: C:\CodeBases\isdev\redist\Language Independent\i386\setupPreReq.pdb source: AGLCStructuredSettlementsInstaller.exe
    Source: Binary string: C:\CodeBases\isdev\Src\BackEnd\Locked\IsIcoRes\isicores.pdb source: Structured Settlements.msi0.1.dr
    Source: Binary string: E:\jh\a1\211fd6b4\workspace\feature_td_merge12f3a54d\AGLCSS.ClientCase\obj\Release\AGLCSS.ClientCaseInfo.pdb source: AGLCSS.ClientCaseInfo.dll.3.dr
    Source: Binary string: C:\CodeBases\isdev\redist\Language Independent\i386\SetAllUsers.pdb source: Structured Settlements.msi0.1.dr
    Source: Binary string: C:\CodeBases\isdev\redist\Language Independent\i386\setupPreReq.pdbH source: AGLCStructuredSettlementsInstaller.exe
    Source: Binary string: C:\CodeBases\isdev\redist\language independent\i386\ISRegSvr.pdb source: Structured Settlements.msi0.1.dr
    Source: C:\Windows\System32\msiexec.exe File opened: z:, x:, v:, t:, r:, p:, n:, l:, j:, h:, f:, b:, y:, w:, u:, s:, q:, o:, m:, k:, i:, g:, e:, c:, a:
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: 0_2_00E2C759 __EH_prolog3_GS,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,DeleteFileW,FindClose
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: 0_2_00E154A5 __EH_prolog3_GS,GetTempPathW,FindFirstFileW,CompareFileTime,DeleteFileW,FindNextFileW,FindClose
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe Code function: 1_2_003754A5 __EH_prolog3_GS,GetTempPathW,FindFirstFileW,CompareFileTime,DeleteFileW,FindNextFileW,FindClose
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe Code function: 1_2_0038C759 __EH_prolog3_GS,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,DeleteFileW,FindClose

    Networking

    Source: Yara match File source: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\TallComponents.PDF.Controls.WinForms.dll, type: DROPPED
    Source: Structured Settlements.msi0.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
    Source: Structured Settlements.msi0.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
    Source: Structured Settlements.msi0.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: Structured Settlements.msi0.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    Source: DevExpress.Office.v12.2.Core.dll.3.dr String found in binary or memory: http://certificates.godaddy.com/repository/0
    Source: DevExpress.Office.v12.2.Core.dll.3.dr String found in binary or memory: http://certificates.godaddy.com/repository/gd_intermediate.crt0
    Source: DevExpress.Office.v12.2.Core.dll.3.dr String found in binary or memory: http://certificates.godaddy.com/repository/gdroot.crl0K
    Source: DevExpress.Office.v12.2.Core.dll.3.dr String found in binary or memory: http://certificates.godaddy.com/repository0
    Source: DevExpress.Office.v12.2.Core.dll.3.dr String found in binary or memory: http://certificates.godaddy.com/repository100.
    Source: DevExpress.Office.v12.2.Core.dll.3.dr String found in binary or memory: http://crl.godaddy.com/gds5-16.crl0S
    Source: Structured Settlements.msi0.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
    Source: Structured Settlements.msi0.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
    Source: Structured Settlements.msi0.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    Source: Structured Settlements.msi0.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
    Source: Structured Settlements.msi0.1.dr String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
    Source: Structured Settlements.msi0.1.dr String found in binary or memory: http://ocsp.digicert.com0
    Source: Structured Settlements.msi0.1.dr String found in binary or memory: http://ocsp.digicert.com0A
    Source: Structured Settlements.msi0.1.dr String found in binary or memory: http://ocsp.digicert.com0C
    Source: Structured Settlements.msi0.1.dr String found in binary or memory: http://ocsp.digicert.com0X
    Source: DevExpress.Office.v12.2.Core.dll.3.dr String found in binary or memory: http://ocsp.godaddy.com/0J
    Source: DevExpress.Office.v12.2.Core.dll.3.dr String found in binary or memory: http://ocsp.godaddy.com0F
    Source: AGLCStructuredSettlementsInstaller.exe (memory dumps) String found in binary or memory: http://saturn.installshield.com/is/prerequisites/microsoft
    Source: AGLCStructuredSettlementsInstaller.exe (memory dumps) String found in binary or memory: http://www.CorebridgeFinancial.com
    Source: AGLC107709-FL-2018.pdf.3.dr String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/
    Source: Aspose.PDF.xml.3.dr String found in binary or memory: http://www.aiim.org/pdfa/ns/field#
    Source: AGLC107709-FL-2018.pdf.3.dr, Aspose.PDF.xml.3.dr String found in binary or memory: http://www.aiim.org/pdfa/ns/property#
    Source: AGLC107709-FL-2018.pdf.3.dr String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#
    Source: Aspose.PDF.xml.3.dr String found in binary or memory: http://www.aiim.org/pdfa/ns/type#
    Source: AGLC107709-FL-2018.pdf.3.dr String found in binary or memory: http://www.aiim.org/pdfua/ns/id/
    Source: Aspose.PDF.xml.3.dr String found in binary or memory: http://www.aspose.com
    Source: DevExpress.Office.v12.2.Core.dll.3.dr String found in binary or memory: http://www.devexpress.com
    Source: Structured Settlements.msi0.1.dr String found in binary or memory: http://www.digicert.com/CPS0
    Source: Structured Settlements.msi0.1.dr String found in binary or memory: http://www.flexerasoftware.com0
    Source: AGLCStructuredSettlementsInstaller.exe String found in binary or memory: http://www.installshield.com/isetup/ProErrorCentral.asp?ErrorCode=%d
    Source: Aspose.PDF.xml.3.dr String found in binary or memory: https://developer.apple.com/fonts/TrueType-Reference-Manual/RM06/Chap6cmap.html.
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: 0_2_00E3F2C0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe Code function: 1_2_0039F2C0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\4889b3.msi
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{7A470A9C-C6D5-411A-9E66-42C3D1BCC10D}
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI9462.tmp
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{7A470A9C-C6D5-411A-9E66-42C3D1BCC10D}
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{7A470A9C-C6D5-411A-9E66-42C3D1BCC10D}\ARPPRODUCTICON.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{7A470A9C-C6D5-411A-9E66-42C3D1BCC10D}\_1B086178_A74C_45CD_B17B_C24F85AAF899
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{7A470A9C-C6D5-411A-9E66-42C3D1BCC10D}\ApplicationShortcu_5528DECE9BBB4B31B1CE01660AA713F5.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{7A470A9C-C6D5-411A-9E66-42C3D1BCC10D}\DesktopShortcut_9CC916EFDE5E4C0BBC65AF72911A3204.exe
    Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\4889b5.msi
    Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\4889b5.msi
    Source: classification engine Classification label: sus25.troj.winEXE@9/533@0/0
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: 0_2_00E37CF7 lstrcpyW,GetDiskFreeSpaceExW
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: 0_2_00E1A150 CoCreateInstance
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: 0_2_00E3E97C __EH_prolog3_GS,LoadResource
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe File created: C:\Users\user\AppData\Local\Downloaded Installations
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2664:120:WilError_03
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe File created: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}
    Source: AGLCStructuredSettlementsInstaller.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe File read: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\_ISMSIDEL.INI
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe File read: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe
    Source: unknown Process created: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe "C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe"
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Process created: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe /q"C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe" /tempdisk1folder"C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}" /IS_temp
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\system32\MSIEXEC.EXE" /i "C:\Users\user\AppData\Local\Downloaded Installations\{2DAE1BFB-6F68-4AD8-A074-1F290D098EE1}\Structured Settlements.msi" SETUPEXEDIR="C:\Users\user\Desktop" SETUPEXENAME="AGLCStructuredSettlementsInstaller.exe"
    Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c rmdir /s /q "C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}"
    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exeSection loaded: msi.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exeSection loaded: textinputframework.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exeSection loaded: coreuicomponents.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exeSection loaded: textshaping.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srpapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textshaping.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wkscli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mscoree.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msihnd.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dwmapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: pcacli.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: oleacc.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windowscodecs.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: riched20.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: usp10.dllJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msls31.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: srclient.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: spp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: powrprof.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: vssapi.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: vsstrace.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: umpdc.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: linkinfo.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: ntshrui.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\System32\msiexec.exeSection loaded: cscapi.dllJump to behavior
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exeFile written: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\_ISMSIDEL.INIJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeAutomated click: Next >
    Source: C:\Windows\SysWOW64\msiexec.exeAutomated click: I accept the terms in the license agreement
    Source: C:\Windows\SysWOW64\msiexec.exeAutomated click: Next >
    Source: C:\Windows\SysWOW64\msiexec.exeAutomated click: Next >
    Source: C:\Windows\SysWOW64\msiexec.exeAutomated click: Install
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: AGLCStructuredSettlementsInstaller.exeStatic file information: File size 90597468 > 1048576
    Source: AGLCStructuredSettlementsInstaller.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: AGLCStructuredSettlementsInstaller.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: AGLCStructuredSettlementsInstaller.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: AGLCStructuredSettlementsInstaller.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: AGLCStructuredSettlementsInstaller.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: AGLCStructuredSettlementsInstaller.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: AGLCStructuredSettlementsInstaller.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: Binary string: c:\Projects\12.2\BuildLabel\Temp\NetStudio.v12.2.2005\Win\DevExpress.Office\DevExpress.Office.Core\obj\Release\DevExpress.Office.v12.2.Core.pdb source: DevExpress.Office.v12.2.Core.dll.3.dr
    Source: Binary string: C:\CodeBases\isdev\redist\Language Independent\i386\setupPreReq.pdb source: AGLCStructuredSettlementsInstaller.exe
    Source: Binary string: C:\CodeBases\isdev\Src\BackEnd\Locked\IsIcoRes\isicores.pdb source: Structured Settlements.msi0.1.dr
    Source: Binary string: E:\jh\a1\211fd6b4\workspace\feature_td_merge12f3a54d\AGLCSS.ClientCase\obj\Release\AGLCSS.ClientCaseInfo.pdb source: AGLCSS.ClientCaseInfo.dll.3.dr
    Source: Binary string: C:\CodeBases\isdev\redist\Language Independent\i386\SetAllUsers.pdb source: Structured Settlements.msi0.1.dr
    Source: Binary string: C:\CodeBases\isdev\redist\Language Independent\i386\setupPreReq.pdbH source: AGLCStructuredSettlementsInstaller.exe
    Source: Binary string: C:\CodeBases\isdev\redist\language independent\i386\ISRegSvr.pdb source: Structured Settlements.msi0.1.dr
    Source: AGLCStructuredSettlementsInstaller.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: AGLCStructuredSettlementsInstaller.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: AGLCStructuredSettlementsInstaller.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: AGLCStructuredSettlementsInstaller.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: AGLCStructuredSettlementsInstaller.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: Newtonsoft.Json.dll.3.drStatic PE information: 0x8AD6F8DA [Sun Oct 25 00:03:38 2043 UTC]
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exeCode function: 0_2_00E38011 __EH_prolog3_GS,LoadLibraryW,GetProcAddress,#17,0_2_00E38011
    Source: AGLCStructuredSettlementsInstaller.exeStatic PE information: section name: .didat
    Source: AGLCStructuredSettlementsInstaller.exe.0.drStatic PE information: section name: .didat
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exeCode function: 0_2_00E3A610 push ecx; ret 0_2_00E3A623
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exeCode function: 0_2_00E6477C push dword ptr [esp+ecx-75h]; iretd 0_2_00E64780
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exeCode function: 0_2_00E39B20 push ecx; ret 0_2_00E39B33
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exeCode function: 1_2_0039A610 push ecx; ret 1_2_0039A623
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exeCode function: 1_2_003C477C push dword ptr [esp+ecx-75h]; iretd 1_2_003C4780
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exeCode function: 1_2_00399B20 push ecx; ret 1_2_00399B33
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.Data.v10.2.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.Utils.v10.2.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.XtraNavBar.v12.2.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.XtraGrid.v12.2.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\System.Numerics.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\Wnl.SS.Quote.QuoteProcessor.DomainLayer.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Calc.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.XtraLayout.v12.2.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.RichEdit.v12.2.Core.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\Ciloci.Flee.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Enumerations.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\RestSharp.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.Printing.v12.2.Core.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.BonusSkins.v12.2.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\IMG.WCF.BehaviourExtension.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Deployment.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.Office.v12.2.Core.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.ClientCaseInfo.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Messages.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\Kjs.AppLife.Update.Controller.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{7A470A9C-C6D5-411A-9E66-42C3D1BCC10D}\_1B086178_A74C_45CD_B17B_C24F85AAF899Jump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\TallComponents.PDF.Controls.WinForms.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Data.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.Web.v12.2.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.ClientReader.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{7A470A9C-C6D5-411A-9E66-42C3D1BCC10D}\DesktopShortcut_9CC916EFDE5E4C0BBC65AF72911A3204.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.ProductInfo.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Agents.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.ClientInfo.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{7A470A9C-C6D5-411A-9E66-42C3D1BCC10D}\ApplicationShortcu_5528DECE9BBB4B31B1CE01660AA713F5.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Mortality.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.XtraEditors.v10.2.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Validation.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\System.Data.SQLite.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\System.Dynamic.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\x86\SQLite.Interop.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\Newtonsoft.Json.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.XtraRichEdit.v12.2.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Credit.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Splash.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\System.Data.SQLite.EF6.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\IntegratedCalculationEngine.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.PDFViewer.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\Microsoft.CSharp.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.XtraTreeList.v12.2.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.Data.v12.2.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\Wnl.SS.Quote.QuoteProcessor.DataTransformationLayer.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\Aspose.PDF.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\EntityFramework.SqlServer.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{7A470A9C-C6D5-411A-9E66-42C3D1BCC10D}\ARPPRODUCTICON.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.XtraBars.v12.2.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Activation.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\itextsharp.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Print.dllJump to dropped file
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\EntityFramework.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Helpers.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DotNetZip.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\System.Data.SQLite.Linq.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.XtraEditors.v12.2.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\x64\SQLite.Interop.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.Utils.v12.2.dllJump to dropped file
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exeCode function: 0_2_00E0F0D0 __EH_prolog3_GS,CoCreateGuid,CreateDirectoryW,GetPrivateProfileStringW,CreateDirectoryW,0_2_00E0F0D0
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exeCode function: 1_2_0036F0D0 __EH_prolog3_GS,CoCreateGuid,CreateDirectoryW,GetPrivateProfileStringW,CreateDirectoryW,1_2_0036F0D0
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\EULA.rtfJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corebridge FinancialJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corebridge Financial\Structured SettlementsJump to behavior
    Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corebridge Financial\Structured Settlements\AGLC Structured Settlements.lnkJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.Data.v10.2.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.Utils.v10.2.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.XtraNavBar.v12.2.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.XtraGrid.v12.2.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\System.Numerics.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\Wnl.SS.Quote.QuoteProcessor.DomainLayer.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Calc.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.XtraLayout.v12.2.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.RichEdit.v12.2.Core.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Enumerations.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\Ciloci.Flee.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\RestSharp.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.Printing.v12.2.Core.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Deployment.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.BonusSkins.v12.2.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\IMG.WCF.BehaviourExtension.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.Office.v12.2.Core.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.ClientCaseInfo.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Messages.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\Kjs.AppLife.Update.Controller.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\{7A470A9C-C6D5-411A-9E66-42C3D1BCC10D}\_1B086178_A74C_45CD_B17B_C24F85AAF899
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\TallComponents.PDF.Controls.WinForms.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Data.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.Web.v12.2.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.ClientReader.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.ProductInfo.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\{7A470A9C-C6D5-411A-9E66-42C3D1BCC10D}\DesktopShortcut_9CC916EFDE5E4C0BBC65AF72911A3204.exe
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Agents.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.ClientInfo.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\{7A470A9C-C6D5-411A-9E66-42C3D1BCC10D}\ApplicationShortcu_5528DECE9BBB4B31B1CE01660AA713F5.exe
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Mortality.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.XtraEditors.v10.2.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Validation.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\System.Data.SQLite.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\System.Dynamic.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\x86\SQLite.Interop.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\Newtonsoft.Json.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.XtraRichEdit.v12.2.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Credit.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Splash.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\System.Data.SQLite.EF6.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.exe
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\IntegratedCalculationEngine.exe
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.PDFViewer.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\Microsoft.CSharp.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.XtraTreeList.v12.2.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.Data.v12.2.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\Wnl.SS.Quote.QuoteProcessor.DataTransformationLayer.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\Aspose.PDF.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\EntityFramework.SqlServer.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\{7A470A9C-C6D5-411A-9E66-42C3D1BCC10D}\ARPPRODUCTICON.exe
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.XtraBars.v12.2.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Activation.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\itextsharp.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Print.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\EntityFramework.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Helpers.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DotNetZip.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\System.Data.SQLite.Linq.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.XtraEditors.v12.2.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.Utils.v12.2.dll
    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\x64\SQLite.Interop.dll
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-61482
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe API coverage: 6.3 %
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe File Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation
    Source: C:\Windows\SysWOW64\msiexec.exe File Volume queried: C:\ FullSizeInformation
    Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: 0_2_00E2C759 __EH_prolog3_GS,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,DeleteFileW,FindClose,0_2_00E2C759
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: 0_2_00E154A5 __EH_prolog3_GS,GetTempPathW,FindFirstFileW,CompareFileTime,DeleteFileW,FindNextFileW,FindClose,0_2_00E154A5
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe Code function: 1_2_003754A5 __EH_prolog3_GS,GetTempPathW,FindFirstFileW,CompareFileTime,DeleteFileW,FindNextFileW,FindClose,1_2_003754A5
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe Code function: 1_2_0038C759 __EH_prolog3_GS,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,DeleteFileW,FindClose,1_2_0038C759
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: 0_2_00E36278 __EH_prolog3,CreateFileW,CreateFileMappingW,GetSystemInfo,MapViewOfFile,IsBadReadPtr,UnmapViewOfFile,MapViewOfFile,UnmapViewOfFile,IsBadReadPtr,GetLastError,UnmapViewOfFile,CloseHandle,CloseHandle,CloseHandle,0_2_00E36278
    Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: 0_2_00E567F9 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00E567F9
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: 0_2_00E38011 __EH_prolog3_GS,LoadLibraryW,GetProcAddress,#17,0_2_00E38011
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: 0_2_00E5E71A mov eax, dword ptr fs:[00000030h] 0_2_00E5E71A
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe Code function: 1_2_003BE71A mov eax, dword ptr fs:[00000030h] 1_2_003BE71A
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: 0_2_00DF2400 GetFileSize,GetProcessHeap,HeapAlloc,ReadFile,_strlen,_wcslen,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,ReadFile,GetProcessHeap,HeapFree,0_2_00DF2400
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: 0_2_00E3A060 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00E3A060
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: 0_2_00E567F9 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00E567F9
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: 0_2_00E3A810 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00E3A810
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: 0_2_00E3A9B5 SetUnhandledExceptionFilter,0_2_00E3A9B5
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe Code function: 1_2_0039A060 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_0039A060
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe Code function: 1_2_003B67F9 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_003B67F9
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe Code function: 1_2_0039A810 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_0039A810
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe Code function: 1_2_0039A9B5 SetUnhandledExceptionFilter,1_2_0039A9B5
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: 0_2_00E02230 GetDlgItem,GetDlgItem,GetModuleFileNameW,_wcslen,ShellExecuteExW,WaitForInputIdle,ShowWindow,WaitForSingleObject,GetExitCodeProcess,CloseHandle,0_2_00E02230
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Process created: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe c:\users\user\appdata\local\temp\{978b1b8a-e3ca-4b77-9a20-8153b898500e}\aglcstructuredsettlementsinstaller.exe /q"c:\users\user\desktop\aglcstructuredsettlementsinstaller.exe" /tempdisk1folder"c:\users\user\appdata\local\temp\{978b1b8a-e3ca-4b77-9a20-8153b898500e}" /is_temp
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: 0_2_00E242EE __EH_prolog3_GS,InitializeSecurityDescriptor,CreateWellKnownSid,CreateWellKnownSid,CreateWellKnownSid,CreateWellKnownSid,CreateWellKnownSid,SetEntriesInAclW,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,SetSecurityDescriptorDacl,CoInitializeSecurity,LocalFree,0_2_00E242EE
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: 0_2_00E4343D GetCurrentThread,OpenThreadToken,GetLastError,GetLastError,GetCurrentProcess,OpenProcessToken,GetLastError,GetTokenInformation,GetTokenInformation,GetLastError,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,0_2_00E4343D
    Source: AGLCStructuredSettlementsInstaller.exe Binary or memory string: Shell_TrayWnd
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: 0_2_00E3A624 cpuid 0_2_00E3A624
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: GetLocaleInfoW,TranslateCharsetInfo,IsValidLocale,0_2_00E042B5
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: GetLocaleInfoW,0_2_00E379FE
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: GetLocaleInfoW,TranslateCharsetInfo,IsValidLocale,0_2_00E37979
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe Code function: GetLocaleInfoW,TranslateCharsetInfo,IsValidLocale,1_2_003642B5
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe Code function: GetLocaleInfoW,TranslateCharsetInfo,IsValidLocale,1_2_00397979
    Source: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe Code function: GetLocaleInfoW,1_2_003979FE
    Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: 0_2_00E3AA4B GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00E3AA4B
    Source: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe Code function: 0_2_00E43421 GetVersion,0_2_00E43421
    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
    Initial Access: 1 Replication Through Removable Media; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
    Execution: 1 Command and Scripting Interpreter; 2 Native API; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
    Persistence: 1 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
    Privilege Escalation: 1 Exploitation for Privilege Escalation; 1 Access Token Manipulation; 2 Process Injection; 1 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; RC Scripts; Startup Items; Scheduled Task/Job
    Defense Evasion: 31 Masquerading; 1 Access Token Manipulation; 2 Process Injection; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 Timestomp; 1 DLL Side-Loading; 1 File Deletion
    Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
    Discovery: 1 System Time Discovery; 2 Security Software Discovery; 2 Process Discovery; 11 Peripheral Device Discovery; 3 File and Directory Discovery; 36 System Information Discovery; Remote System Discovery; System Owner/User Discovery
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
    Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
    Command and Control: 2 Encrypted Channel; Junk Data; Steganography; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
    Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
    [Behavior graph, ID 1428780. Sample: AGLCStructuredSettlementsIn...; start date: 19/04/2024; architecture: WINDOWS; score: 25. Signature: Yara detected Generic Downloader. Process tree: AGLCStructuredSettlementsInstaller.exe dropped C:\...\AGLCStructuredSettlementsInstaller.exe (PE32) and started a second AGLCStructuredSettlementsInstaller.exe process, which started cmd.exe (which in turn started conhost.exe) and msiexec.exe. A separate msiexec.exe process dropped TallComponents.PDF.Controls.WinForms.dll, C:\...\_1B086178_A74C_45CD_B17B_C24F85AAF899 and DesktopShortcut_9C...C65AF72911A3204.exe (all PE32), plus 59 other files (none is malicious).]

    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.Deployment.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\Aspose.PDF.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\Ciloci.Flee.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.BonusSkins.v12.2.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.Data.v10.2.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.Data.v12.2.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.Office.v12.2.Core.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.Printing.v12.2.Core.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.RichEdit.v12.2.Core.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.Utils.v10.2.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.Utils.v12.2.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.Web.v12.2.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.XtraBars.v12.2.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.XtraEditors.v10.2.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.XtraEditors.v12.2.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.XtraGrid.v12.2.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.XtraLayout.v12.2.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.XtraNavBar.v12.2.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.XtraRichEdit.v12.2.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DevExpress.XtraTreeList.v12.2.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\DotNetZip.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\EntityFramework.SqlServer.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\EntityFramework.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\Kjs.AppLife.Update.Controller.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\Microsoft.CSharp.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\Newtonsoft.Json.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\RestSharp.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\System.Data.SQLite.EF6.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\System.Data.SQLite.Linq.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\System.Data.SQLite.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\System.Dynamic.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\System.Numerics.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\TallComponents.PDF.Controls.WinForms.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\AGL\Structured Settlements\itextsharp.dll | 0% | ReversingLabs | |
    No Antivirus matches
    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    http://www.flexerasoftware.com0 | 0% | URL Reputation | safe |
    No contacted domains info
    Name | Source | Malicious | Antivirus Detection | Reputation
    http://www.aiim.org/pdfa/ns/property# | AGLC107709-FL-2018.pdf.3.dr, Aspose.PDF.xml.3.dr | false | | high
    http://crl.godaddy.com/gds5-16.crl0S | DevExpress.Office.v12.2.Core.dll.3.dr | false | | high
    http://www.aiim.org/pdfa/ns/type# | Aspose.PDF.xml.3.dr | false | | high
    http://www.aiim.org/pdfua/ns/id/ | AGLC107709-FL-2018.pdf.3.dr | false | | high
    http://certificates.godaddy.com/repository/0 | DevExpress.Office.v12.2.Core.dll.3.dr | false | | high
    http://www.aiim.org/pdfa/ns/schema# | AGLC107709-FL-2018.pdf.3.dr | false | | high
    http://www.CorebridgeFinancial.com | AGLCStructuredSettlementsInstaller.exe, 00000001.00000003.1843957737.0000000004B6C000.00000004.00000020.00020000.00000000.sdmp, AGLCStructuredSettlementsInstaller.exe, 00000001.00000003.1822054656.0000000004B67000.00000004.00000020.00020000.00000000.sdmp, AGLCStructuredSettlementsInstaller.exe, 00000001.00000003.1843819004.0000000004B40000.00000004.00000020.00020000.00000000.sdmp, AGLCStructuredSettlementsInstaller.exe, 00000001.00000003.1843977341.0000000004B6D000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
    http://www.aiim.org/pdfa/ns/field# | Aspose.PDF.xml.3.dr | false | | high
    http://certificates.godaddy.com/repository100. | DevExpress.Office.v12.2.Core.dll.3.dr | false | | high
    http://www.aiim.org/pdfa/ns/extension/ | AGLC107709-FL-2018.pdf.3.dr | false | | high
    http://www.installshield.com/isetup/ProErrorCentral.asp?ErrorCode=%d | AGLCStructuredSettlementsInstaller.exe | false | | high
    http://certificates.godaddy.com/repository/gd_intermediate.crt0 | DevExpress.Office.v12.2.Core.dll.3.dr | false | | high
    http://www.flexerasoftware.com0 | Structured Settlements.msi0.1.dr | false | URL Reputation: safe | unknown
    http://www.aspose.com | Aspose.PDF.xml.3.dr | false | | high
    http://certificates.godaddy.com/repository0 | DevExpress.Office.v12.2.Core.dll.3.dr | false | | high
    http://certificates.godaddy.com/repository/gdroot.crl0K | DevExpress.Office.v12.2.Core.dll.3.dr | false | | high
    http://saturn.installshield.com/is/prerequisites/microsoft | AGLCStructuredSettlementsInstaller.exe, 00000001.00000003.1791232934.0000000004B20000.00000004.00000020.00020000.00000000.sdmp, AGLCStructuredSettlementsInstaller.exe, 00000001.00000003.2229552461.0000000004AF3000.00000004.00000020.00020000.00000000.sdmp, AGLCStructuredSettlementsInstaller.exe, 00000001.00000003.1790956570.0000000004AF6000.00000004.00000020.00020000.00000000.sdmp, AGLCStructuredSettlementsInstaller.exe, 00000001.00000003.1791410497.0000000004B1F000.00000004.00000020.00020000.00000000.sdmp, AGLCStructuredSettlementsInstaller.exe, 00000001.00000003.2229380795.0000000004AF2000.00000004.00000020.00020000.00000000.sdmp, AGLCStructuredSettlementsInstaller.exe, 00000001.00000003.2229188521.0000000004ADF000.00000004.00000020.00020000.00000000.sdmp, AGLCStructuredSettlementsInstaller.exe, 00000001.00000003.1792335082.0000000004B25000.00000004.00000020.00020000.00000000.sdmp, AGLCStructuredSettlementsInstaller.exe, 00000001.00000003.1791559145.0000000004AF9000.00000004.00000020.00020000.00000000.sdmp, AGLCStructuredSettlementsInstaller.exe, 00000001.00000003.1790835496.0000000004B18000.00000004.00000020.00020000.00000000.sdmp, AGLCStructuredSettlementsInstaller.exe, 00000001.00000003.1794284895.0000000004B23000.00000004.00000020.00020000.00000000.sdmp, AGLCStructuredSettlementsInstaller.exe, 00000001.00000003.1792020776.0000000004B26000.00000004.00000020.00020000.00000000.sdmp, AGLCStructuredSettlementsInstaller.exe, 00000001.00000003.1791479808.0000000004B23000.00000004.00000020.00020000.00000000.sdmp, AGLCStructuredSettlementsInstaller.exe, 00000001.00000003.1790472353.0000000004AF9000.00000004.00000020.00020000.00000000.sdmp, AGLCStructuredSettlementsInstaller.exe, 00000001.00000003.1790662848.0000000004AFA000.00000004.00000020.00020000.00000000.sdmp, AGLCStructuredSettlementsInstaller.exe, 00000001.00000003.1790296600.0000000004B25000.00000004.00000020.00020000.00000000.sdmp, AGLCStructuredSettlementsInstaller.exe, 00000001.00000003.1791166073.0000000004B16000.00000004.00000020.00020000.00000000.sdmp, AGLCStructuredSettlementsInstaller.exe, 00000001.00000003.1790397779.0000000004B1F000.00000004.00000020.00020000.00000000.sdmp, AGLCStructuredSettlementsInstaller.exe, 00000001.00000003.1792770948.0000000004B23000.00000004.00000020.00020000.00000000.sdmp, AGLCStructuredSettlementsInstaller.exe, 00000001.00000003.1790883439.0000000004B23000.00000004.00000020.00020000.00000000.sdmp | false | | high
                                    No contacted IP infos
                                    Joe Sandbox version:40.0.0 Tourmaline
                                    Analysis ID:1428780
                                    Start date and time:2024-04-19 16:02:33 +02:00
                                    Joe Sandbox product:CloudBasic
                                    Overall analysis duration:0h 9m 31s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed:11
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Sample name:AGLCStructuredSettlementsInstaller.exe
                                    Detection:SUS
                                    Classification:sus25.troj.winEXE@9/533@0/0
                                    EGA Information:
                                    • Successful, ratio: 100%
                                    HCA Information:
                                    • Successful, ratio: 95%
                                    • Number of executed functions: 46
                                    • Number of non-executed functions: 477
                                    Cookbook Comments:
                                    • Found application associated with file extension: .exe
                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                    • Report size getting too big, too many NtSetInformationFile calls found.
                                    • VT rate limit hit for: AGLCStructuredSettlementsInstaller.exe
                                    No simulations
                                    No context
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:modified
                                    Size (bytes):85022
                                    Entropy (8bit):5.713498258393253
                                    Encrypted:false
                                    SSDEEP:1536:k4LMmklkkkkkkkkEEmhwaJNIGsBqFu5mlWmYZIZ2aBP0R3/iWjiZ0OKgVahLyjvY:mgXCxdq7k/
                                    MD5:1544E1D2B67F6ED0FC4FBC0463D3D3F2
                                    SHA1:36E59DB864ECC60AD34AB5ACB6B428CBDE7B0D83
                                    SHA-256:3F042AFCAB1645240760C53AAF0D6B802CF007B08F194B425DF74392AB38A975
                                    SHA-512:E8FB820863A1374B978FFA9643DAB7EFED83E382D8A5C23B740725C83F6C8F5AD85C83F3FD77BA80735D4ED9D6EA289A27D4641453AF5E7A11DE439F8EB24C95
                                    Malicious:false
                                    Reputation:low
                                    Preview:...@IXOS.@.....@...X.@.....@.....@.....@.....@.....@......&.{7A470A9C-C6D5-411A-9E66-42C3D1BCC10D}..Structured Settlements..Structured Settlements.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{2DAE1BFB-6F68-4AD8-A074-1F290D098EE1}.....@.....@.....@.....@.......@.....@.....@.......@......Structured Settlements......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{6B21ED42-1EED-406D-B733-FF06F50507A4}&.{7A470A9C-C6D5-411A-9E66-42C3D1BCC10D}.@......&.{7665979E-FB5D-44B7-A0C7-4BF8882490FF}&.{7A470A9C-C6D5-411A-9E66-42C3D1BCC10D}.@......&.{76605CDD-2781-41BB-AECE-F1A84F4A4824}&.{7A470A9C-C6D5-411A-9E66-42C3D1BCC10D}.@......&.{08D6966E-1F4C-4BD5-B409-82EC3C4B116C}&.{7A470A9C-C6D5-411A-9E66-42C3D1BCC10D}.@......&.{AC21782D-D5F7-4F23-A8FF-2D633044F26F}&.{7A470A9C-C6D5-411A-9E66-42C3D1BCC10D}.@......&.{D17FB510-ABE5-4B4B-8D44-3012586B216F}&.{7A470A9C-C6D5-411A-9E66-42C3D1BCC10D}.@......&.{237B6
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                    Category:dropped
                                    Size (bytes):2839
                                    Entropy (8bit):2.8878563003842874
                                    Encrypted:false
                                    SSDEEP:48:8V/7USDPVIYlJOtnPPVIYl+Ot6n8V5PPVIYl+OtHnSAq72WPPVIYl+Ot:8VTZuYePuYa8V5PuYJzq72WPuY
                                    MD5:3854BA628B23F757F6D05E8A11F724FF
                                    SHA1:A3C88D8F444FD9D3CB04B4CF00834D0D554E40AB
                                    SHA-256:4FC71645A936346FE1A9E41A66640DF59EB95B66C5C1E3FFC8EF5BB6D12EF5CC
                                    SHA-512:9D5AC45D77364D0646D85B352409DFECF87BF621907167A565D6D86B01D942CDC3B05445E143A381B67961D1E11167EA8303F6E990C9CAF3547C8E7658CDE959
                                    Malicious:false
                                    Reputation:low
                                    Preview:L..................F.P......................................................3....P.O. .:i.....+00.../C:\...................V.1.....DWQ`..Windows.@......OwH.Xpp....3......................v..W.i.n.d.o.w.s.....\.1......X.p..Installer.D......O.I.X.p..........................N.A.I.n.s.t.a.l.l.e.r.......1......X.p..{7A470~1..~......X.p.X.p.....H......................:.{.7.A.4.7.0.A.9.C.-.C.6.D.5.-.4.1.1.A.-.9.E.6.6.-.4.2.C.3.D.1.B.C.C.1.0.D.}.......2..H...X.p!.APPLIC~1.EXE.........X.p.X.p.....H......................:.A.p.p.l.i.c.a.t.i.o.n.S.h.o.r.t.c.u._.5.5.2.8.D.E.C.E.9.B.B.B.4.B.3.1.B.1.C.E.0.1.6.6.0.A.A.7.1.3.F.5...e.x.e.............\.....\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.7.A.4.7.0.A.9.C.-.C.6.D.5.-.4.1.1.A.-.9.E.6.6.-.4.2.C.3.D.1.B.C.C.1.0.D.}.\.A.p.p.l.i.c.a.t.i.o.n.S.h.o.r.t.c.u._.5.5.2.8.D.E.C.E.9.B.B.B.4.B.3.1.B.1.C.E.0.1.6.6.0.A.A.7.1.3.F.5...e.x.e.:.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.A.G.L.\.S.t.r.u.c.t.u.r.e.d
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Icon number=0, Archive, ctime=Thu Oct 26 17:09:20 2023, mtime=Fri Apr 19 13:04:04 2024, atime=Thu Oct 26 17:09:20 2023, length=918016, window=hide
                                    Category:dropped
                                    Size (bytes):2324
                                    Entropy (8bit):4.001942440208538
                                    Encrypted:false
                                    SSDEEP:48:8fFbyp747AM0dnHsBdWmjn8R35PPVIYlIvfiLSA4KkjWPPVIYlIvfiKY:8tWAAM0dHsbWQ8R35PuY/4WPuYi
                                    MD5:05909FCC0C9B17675F5634554F28F7D7
                                    SHA1:31835D96941D28977D5C33CC601E05CCEF3E4BFF
                                    SHA-256:CFF34F2894C92FA4C5985FE99510B23E66B06F2C9CB6F9D9945B540056DDE693
                                    SHA-512:97F62A09BB76D8D55730ADD51F4648E105215A11DF54ADCCCC0B5C3E539CAA517715A94B3C07767C8B1C7987C490FE3586DFF442D8B4A99718D8C2E2761BBCB2
                                    Malicious:false
                                    Reputation:low
                                    Preview:L..................F.@.. .....u.7...*`.ob.....u.7................................P.O. .:i.....+00.../C:\...................x.1.....CW;^..Users.d......OwH.Xqp....................:.....K...U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....P.1......Xjp..user.<......CW.^.Xqp...........................)P.j.o.n.e.s.....V.1.....CW.^..AppData.@......CW.^.Xpp...........................%..A.p.p.D.a.t.a.....V.1......X.p..Roaming.@......CW.^.X.p..........................Uy?.R.o.a.m.i.n.g.....J.1......X.p..AGL.8......X.p.X.p....|.....................Uy?.A.G.L.....v.1......X.p..STRUCT~1..^......X.p.X.p..........................+.Y.S.t.r.u.c.t.u.r.e.d. .S.e.t.t.l.e.m.e.n.t.s.....`.2.....ZW*. .AGLCSS.exe..F......ZW*..X.p..............................A.G.L.C.S.S...e.x.e.......s...............-.......r............-Y.....C:\Users\user\AppData\Roaming\AGL\Structured Settlements\AGLCSS.exe..A.....\.....\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.A.G.L.\.S.t.r.u.c.t.u.r.e.d. .S.e.t.t.l.e.
                                    Process:C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe
                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords: Installer,MSI,Database, Subject: Structured Settlements, Author: Corebridge Financial, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2023 29, Revision Number: {2DAE1BFB-6F68-4AD8-A074-1F290D098EE1}, Last Saved Time/Date: Fri Jan 19 10:07:06 2024, Create Time/Date: Fri Jan 19 10:07:06 2024, Last Printed: Fri Jan 19 10:07:06 2024, Code page: 1252, Template: Intel;1033
                                    Category:dropped
                                    Size (bytes):91906560
                                    Entropy (8bit):7.983243289223872
                                    Encrypted:false
                                    SSDEEP:1572864:lxd3U0gUk2abcyG+gVjx9M1a+6RjmQkeveqdZG4kxTcDByZnXWghc:lxNkTAyZgj9kag3MZdkiDqnB
                                    MD5:6805ECCF602D5B45E52278067DA2C6CD
                                    SHA1:7B625F64F5B47BA59D830E18827D6E2E26D44739
                                    SHA-256:6398B1FCFBD04D29FD9BF5301442C2A0D39971BD62EEDA42942B7DC196F2310F
                                    SHA-512:D294EEECB9A845A9E3A7C6F88A23B93D218888CF8C6B9E27ADC179DB3A67477C92785B418534CB52E4CE22BC955BB938C142F7F9078B7605B200296C9F5B4F18
                                    Malicious:false
                                    Reputation:low
                                    Process:C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe
                                    File Type:Unicode text, UTF-16, little-endian text, with very long lines (308), with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):22914
                                    Entropy (8bit):3.4834020467841986
                                    Encrypted:false
                                    SSDEEP:384:CTmyuV//BiTbh/YgAwC2WrP2DBW5/Oa0Mhs+XVgv:CT6V//BiXh/t/lWr0pa0Mhs+XVgv
                                    MD5:1196F20CA8BCAA637625E6A061D74C9E
                                    SHA1:D0946B58676C9C6E57645DBCFFC92C61ECA3B274
                                    SHA-256:CDB316D7F9AA2D854EB28F7A333426A55CC65FA7D31B0BDF8AE108E611583D29
                                    SHA-512:75E0B3B98AD8269DC8F7048537AD2B458FA8B1DC54CF39DF015306ABD6701AA8357E08C7D1416D80150CCFD591376BA803249197ABDF726E75D50F79D7370EF3
                                    Malicious:false
                                    Reputation:moderate, very likely benign file
                                    Preview:..[.0.x.0.4.0.9.].....1.1.0.0.=.S.e.t.u.p. .I.n.i.t.i.a.l.i.z.a.t.i.o.n. .E.r.r.o.r.....1.1.0.1.=.%.s.....1.1.0.2.=.%.1. .S.e.t.u.p. .i.s. .p.r.e.p.a.r.i.n.g. .t.h.e. .%.2.,. .w.h.i.c.h. .w.i.l.l. .g.u.i.d.e. .y.o.u. .t.h.r.o.u.g.h. .t.h.e. .p.r.o.g.r.a.m. .s.e.t.u.p. .p.r.o.c.e.s.s... . .P.l.e.a.s.e. .w.a.i.t.......1.1.0.3.=.C.h.e.c.k.i.n.g. .O.p.e.r.a.t.i.n.g. .S.y.s.t.e.m. .V.e.r.s.i.o.n.....1.1.0.4.=.C.h.e.c.k.i.n.g. .W.i.n.d.o.w.s.(.R.). .I.n.s.t.a.l.l.e.r. .V.e.r.s.i.o.n.....1.1.0.5.=.C.o.n.f.i.g.u.r.i.n.g. .W.i.n.d.o.w.s. .I.n.s.t.a.l.l.e.r.....1.1.0.6.=.C.o.n.f.i.g.u.r.i.n.g. .%.s.....1.1.0.7.=.S.e.t.u.p. .h.a.s. .c.o.m.p.l.e.t.e.d. .c.o.n.f.i.g.u.r.i.n.g. .t.h.e. .W.i.n.d.o.w.s. .I.n.s.t.a.l.l.e.r. .o.n. .y.o.u.r. .s.y.s.t.e.m... .T.h.e. .s.y.s.t.e.m. .n.e.e.d.s. .t.o. .b.e. .r.e.s.t.a.r.t.e.d. .i.n. .o.r.d.e.r. .t.o. .c.o.n.t.i.n.u.e. .w.i.t.h. .t.h.e. .i.n.s.t.a.l.l.a.t.i.o.n... .P.l.e.a.s.e. .c.l.i.c.k. .R.e.s.t.a.r.t. .t.o. .r.e.b.o.o.t. .t.h.e. .s.y.s.t.e.m.......1.1.0.8.
                                    Process:C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe
                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):90597468
                                    Entropy (8bit):7.9987189791354965
                                    Encrypted:true
                                    SSDEEP:1572864:rL1lhn9IWjpZnj7YpYcAhMX0AOaQInK7dl0NLW1mF7xoVwTvUUSg9v/ELntup9MT:lv6GHj+YhIOrli1xLxSS/+tupLL6KarL
                                    MD5:A53CB926FF7C4AF575102BC08594327F
                                    SHA1:03D6A95E1EEC98CF7EAEBE508166700748B153EA
                                    SHA-256:F7139B8276726858E5F3E05939E012506BEEC45C93A062EA6469BFB76BD1958A
                                    SHA-512:2EFEC8BA1120E4CD7D122E099C2648DD72B9BE4CF00C3CB2B94022FFFBFB5D068726FAFA766D172F8F1F76289E48D25CF7AEC398C89D0347A8275424974340E2
                                    Malicious:false
                                    Reputation:low
                                    Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$..........Q............jZ9.....jZ;.J...jZ:......................................9...............9..........&.............7......._.............Rich............................PE..L......d.........."....".<...&...............P....@.......................................@..................................M..........D.................... ..........T...........................X...@............P.......F.......................text....;.......<.................. ..`.rdata.......P.......@..............@..@.data.......p...@...^..............@....didat..(...........................@....rsrc...D...........................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................
                                    Process:C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:false
                                    Reputation:high, very likely benign file
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    Process:C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe
                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):2309
                                    Entropy (8bit):5.335835372312326
                                    Encrypted:false
                                    SSDEEP:48:cRSUIW6t+ue1nOYnhj4YnhT4YntO4YntiYnt4YnhS4YntQYntLYn4eoEtrIYqGb4:BrW6t3anfnhj1nhT1n41nlnt1nhS1nTT
                                    MD5:5A89301A3AF3847671EF0D458E2C3AD9
                                    SHA1:12876BE5A9585E2050EDD57BC8B55015BCD92BCC
                                    SHA-256:38AC5AC7784DDE3EC688899F845C39F8E3C4DFE690D2C1560D5B815DBB0877E7
                                    SHA-512:36A04A6FF60DC87673B73B486362D9D13BB4A0A146D908883606E9C235E3987A2E6E2444B8937A81E1D8513F608C76EA035418DE164E63A457D59B1E94DEB392
                                    Malicious:false
                                    Reputation:low
                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<SetupPrereq>...<conditions>....<condition Type="2" Comparison="2" Path="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client" FileName="Install" ReturnValue="1"/>...</conditions>...<operatingsystemconditions>....<operatingsystemcondition MajorVersion="5" MinorVersion="1" PlatformId="2" CSDVersion="" Bits="1" ProductType="1" ServicePackMajorMin="2"/>....<operatingsystemcondition MajorVersion="5" MinorVersion="2" PlatformId="2" CSDVersion="" Bits="1" ProductType="2|3" ServicePackMajorMin="1"/>....<operatingsystemcondition MajorVersion="5" MinorVersion="2" PlatformId="2" CSDVersion="" Bits="4" ProductType="1"/>....<operatingsystemcondition MajorVersion="6" MinorVersion="0" PlatformId="2" CSDVersion="" Bits="1"/>....<operatingsystemcondition MajorVersion="6" MinorVersion="0" PlatformId="2" CSDVersion="" Bits="1" ProductType="2|3"/>....<operatingsystemcondition MajorVersion="6" MinorVersion="1" PlatformId="2" CSDVe
                                    Process:C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe
                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):5756
                                    Entropy (8bit):3.730369655428694
                                    Encrypted:false
                                    SSDEEP:96:rEhkMaE6CMrRWuYOkokOr+ON/XsEbFWaEPRhS+gWPQPgWRGTwQbPrvnp6kY05w7e:YhcpHrRnxkElcuQaEZhdxoIWRGcQbPrj
                                    MD5:BEF2BF437529B46605B5C2E2414C5A90
                                    SHA1:BF3AEBB7D25000FDCC68B9ACA323A2DE5F79ECE3
                                    SHA-256:17216FA24882B1AB77F3929C7133513EAFB9CC164892C68F00FB9A4D9052BFF7
                                    SHA-512:C4D2FBB64913BBDAFD6E65F0FB9AA9668EE633EE4DEBDA9702DEF70F6BFC402AE81D64EDBD50B215E76A4B99BF55FCE05428FB43C87FB8B5AF16ECEADD58F3C9
                                    Malicious:false
                                    Reputation:low
                                    Preview:..[.I.n.f.o.].....N.a.m.e.=.I.N.T.L.....V.e.r.s.i.o.n.=.1...0.0...0.0.0.....D.i.s.k.S.p.a.c.e.=.8.0.0.0...;.D.i.s.k.S.p.a.c.e. .r.e.q.u.i.r.e.m.e.n.t. .i.n. .K.B.........[.S.t.a.r.t.u.p.].....C.m.d.L.i.n.e.=.....S.u.p.p.r.e.s.s.W.r.o.n.g.O.S.=.Y.....S.c.r.i.p.t.D.r.i.v.e.n.=.0.....S.c.r.i.p.t.V.e.r.=.1...0...0...1.....D.o.t.N.e.t.O.p.t.i.o.n.a.l.I.n.s.t.a.l.l.I.f.S.i.l.e.n.t.=.N.....O.n.U.p.g.r.a.d.e.=.1.....P.r.o.d.u.c.t.=.S.t.r.u.c.t.u.r.e.d. .S.e.t.t.l.e.m.e.n.t.s.....P.a.c.k.a.g.e.N.a.m.e.=.S.t.r.u.c.t.u.r.e.d. .S.e.t.t.l.e.m.e.n.t.s...m.s.i.....E.n.a.b.l.e.L.a.n.g.D.l.g.=.N.....L.o.g.R.e.s.u.l.t.s.=.N.....D.o.M.a.i.n.t.e.n.a.n.c.e.=.N.....P.r.o.d.u.c.t.C.o.d.e.=.{.7.A.4.7.0.A.9.C.-.C.6.D.5.-.4.1.1.A.-.9.E.6.6.-.4.2.C.3.D.1.B.C.C.1.0.D.}.....P.r.o.d.u.c.t.V.e.r.s.i.o.n.=.6...5...0...1.....U.p.g.r.a.d.e.C.o.d.e.=.{.9.5.9.4.8.F.0.D.-.1.9.F.F.-.4.0.D.B.-.A.1.2.F.-.1.4.A.9.6.4.1.6.3.E.D.E.}.....L.a.u.n.c.h.e.r.N.a.m.e.=.A.G.L.C.S.t.r.u.c.t.u.r.e.d.S.e.t.t.l.e.m.e.n.t.s.I.n.s.t.a.l.l.e.
                                    Process:C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe
                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords: Installer,MSI,Database, Subject: Structured Settlements, Author: Corebridge Financial, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2023 29, Revision Number: {2DAE1BFB-6F68-4AD8-A074-1F290D098EE1}, Last Saved Time/Date: Fri Jan 19 10:07:06 2024, Create Time/Date: Fri Jan 19 10:07:06 2024, Last Printed: Fri Jan 19 10:07:06 2024, Code page: 1252, Template: Intel;1033
                                    Category:dropped
                                    Size (bytes):91906560
                                    Entropy (8bit):7.983243289223872
                                    Encrypted:false
                                    SSDEEP:1572864:lxd3U0gUk2abcyG+gVjx9M1a+6RjmQkeveqdZG4kxTcDByZnXWghc:lxNkTAyZgj9kag3MZdkiDqnB
                                    MD5:6805ECCF602D5B45E52278067DA2C6CD
                                    SHA1:7B625F64F5B47BA59D830E18827D6E2E26D44739
                                    SHA-256:6398B1FCFBD04D29FD9BF5301442C2A0D39971BD62EEDA42942B7DC196F2310F
                                    SHA-512:D294EEECB9A845A9E3A7C6F88A23B93D218888CF8C6B9E27ADC179DB3A67477C92785B418534CB52E4CE22BC955BB938C142F7F9078B7605B200296C9F5B4F18
                                    Malicious:false
                                    Process:C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe
                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):20
                                    Entropy (8bit):2.8954618442383215
                                    Encrypted:false
                                    SSDEEP:3:Q+5lkrJ4l49:Q+s2l49
                                    MD5:DB9AF7503F195DF96593AC42D5519075
                                    SHA1:1B487531BAD10F77750B8A50ACA48593379E5F56
                                    SHA-256:0A33C5DFFABCF31A1F6802026E9E2EEF4B285E57FD79D52FDCD98D6502D14B13
                                    SHA-512:6839264E14576FE190260A4B82AFC11C88E50593A20113483851BF4ABFDB7CCA9986BEF83F4C6B8F98EF4D426F07024CF869E8AB393DF6D2B743B9B8E2544E1B
                                    Malicious:false
                                    Preview:[Files]
                                    Process:C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe
                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):5756
                                    Entropy (8bit):3.730369655428694
                                    Encrypted:false
                                    SSDEEP:96:rEhkMaE6CMrRWuYOkokOr+ON/XsEbFWaEPRhS+gWPQPgWRGTwQbPrvnp6kY05w7e:YhcpHrRnxkElcuQaEZhdxoIWRGcQbPrj
                                    MD5:BEF2BF437529B46605B5C2E2414C5A90
                                    SHA1:BF3AEBB7D25000FDCC68B9ACA323A2DE5F79ECE3
                                    SHA-256:17216FA24882B1AB77F3929C7133513EAFB9CC164892C68F00FB9A4D9052BFF7
                                    SHA-512:C4D2FBB64913BBDAFD6E65F0FB9AA9668EE633EE4DEBDA9702DEF70F6BFC402AE81D64EDBD50B215E76A4B99BF55FCE05428FB43C87FB8B5AF16ECEADD58F3C9
                                    Malicious:false
                                    Preview:
                                        [Info]
                                        Name=INTL
                                        Version=1.00.000
                                        DiskSpace=8000 ;DiskSpace requirement in KB
                                        [Startup]
                                        CmdLine=
                                        SuppressWrongOS=Y
                                        ScriptDriven=0
                                        ScriptVer=1.0.0.1
                                        DotNetOptionalInstallIfSilent=N
                                        OnUpgrade=1
                                        Product=Structured Settlements
                                        PackageName=Structured Settlements.msi
                                        EnableLangDlg=N
                                        LogResults=N
                                        DoMaintenance=N
                                        ProductCode={7A470A9C-C6D5-411A-9E66-42C3D1BCC10D}
                                        ProductVersion=6.5.0.1
                                        UpgradeCode={95948F0D-19FF-40DB-A12F-14A964163EDE}
                                        LauncherName=AGLCStructuredSettlementsInstalle
                                    Process:C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe
                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):5756
                                    Entropy (8bit):3.730369655428694
                                    Encrypted:false
                                    SSDEEP:96:rEhkMaE6CMrRWuYOkokOr+ON/XsEbFWaEPRhS+gWPQPgWRGTwQbPrvnp6kY05w7e:YhcpHrRnxkElcuQaEZhdxoIWRGcQbPrj
                                    MD5:BEF2BF437529B46605B5C2E2414C5A90
                                    SHA1:BF3AEBB7D25000FDCC68B9ACA323A2DE5F79ECE3
                                    SHA-256:17216FA24882B1AB77F3929C7133513EAFB9CC164892C68F00FB9A4D9052BFF7
                                    SHA-512:C4D2FBB64913BBDAFD6E65F0FB9AA9668EE633EE4DEBDA9702DEF70F6BFC402AE81D64EDBD50B215E76A4B99BF55FCE05428FB43C87FB8B5AF16ECEADD58F3C9
                                    Malicious:false
                                    Process:C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe
                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):5756
                                    Entropy (8bit):3.730369655428694
                                    Encrypted:false
                                    SSDEEP:96:rEhkMaE6CMrRWuYOkokOr+ON/XsEbFWaEPRhS+gWPQPgWRGTwQbPrvnp6kY05w7e:YhcpHrRnxkElcuQaEZhdxoIWRGcQbPrj
                                    MD5:BEF2BF437529B46605B5C2E2414C5A90
                                    SHA1:BF3AEBB7D25000FDCC68B9ACA323A2DE5F79ECE3
                                    SHA-256:17216FA24882B1AB77F3929C7133513EAFB9CC164892C68F00FB9A4D9052BFF7
                                    SHA-512:C4D2FBB64913BBDAFD6E65F0FB9AA9668EE633EE4DEBDA9702DEF70F6BFC402AE81D64EDBD50B215E76A4B99BF55FCE05428FB43C87FB8B5AF16ECEADD58F3C9
                                    Malicious:false
                                    Process:C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe
                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                    Category:modified
                                    Size (bytes):5756
                                    Entropy (8bit):3.730369655428694
                                    Encrypted:false
                                    SSDEEP:96:rEhkMaE6CMrRWuYOkokOr+ON/XsEbFWaEPRhS+gWPQPgWRGTwQbPrvnp6kY05w7e:YhcpHrRnxkElcuQaEZhdxoIWRGcQbPrj
                                    MD5:BEF2BF437529B46605B5C2E2414C5A90
                                    SHA1:BF3AEBB7D25000FDCC68B9ACA323A2DE5F79ECE3
                                    SHA-256:17216FA24882B1AB77F3929C7133513EAFB9CC164892C68F00FB9A4D9052BFF7
                                    SHA-512:C4D2FBB64913BBDAFD6E65F0FB9AA9668EE633EE4DEBDA9702DEF70F6BFC402AE81D64EDBD50B215E76A4B99BF55FCE05428FB43C87FB8B5AF16ECEADD58F3C9
                                    Malicious:false
                                    Process:C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe
                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):5756
                                    Entropy (8bit):3.730369655428694
                                    Encrypted:false
                                    SSDEEP:96:rEhkMaE6CMrRWuYOkokOr+ON/XsEbFWaEPRhS+gWPQPgWRGTwQbPrvnp6kY05w7e:YhcpHrRnxkElcuQaEZhdxoIWRGcQbPrj
                                    MD5:BEF2BF437529B46605B5C2E2414C5A90
                                    SHA1:BF3AEBB7D25000FDCC68B9ACA323A2DE5F79ECE3
                                    SHA-256:17216FA24882B1AB77F3929C7133513EAFB9CC164892C68F00FB9A4D9052BFF7
                                    SHA-512:C4D2FBB64913BBDAFD6E65F0FB9AA9668EE633EE4DEBDA9702DEF70F6BFC402AE81D64EDBD50B215E76A4B99BF55FCE05428FB43C87FB8B5AF16ECEADD58F3C9
                                    Malicious:false
                                    Process:C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe
                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):5756
                                    Entropy (8bit):3.730369655428694
                                    Encrypted:false
                                    SSDEEP:96:rEhkMaE6CMrRWuYOkokOr+ON/XsEbFWaEPRhS+gWPQPgWRGTwQbPrvnp6kY05w7e:YhcpHrRnxkElcuQaEZhdxoIWRGcQbPrj
                                    MD5:BEF2BF437529B46605B5C2E2414C5A90
                                    SHA1:BF3AEBB7D25000FDCC68B9ACA323A2DE5F79ECE3
                                    SHA-256:17216FA24882B1AB77F3929C7133513EAFB9CC164892C68F00FB9A4D9052BFF7
                                    SHA-512:C4D2FBB64913BBDAFD6E65F0FB9AA9668EE633EE4DEBDA9702DEF70F6BFC402AE81D64EDBD50B215E76A4B99BF55FCE05428FB43C87FB8B5AF16ECEADD58F3C9
                                    Malicious:false
                                    Process:C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe
                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):5756
                                    Entropy (8bit):3.730369655428694
                                    Encrypted:false
                                    SSDEEP:96:rEhkMaE6CMrRWuYOkokOr+ON/XsEbFWaEPRhS+gWPQPgWRGTwQbPrvnp6kY05w7e:YhcpHrRnxkElcuQaEZhdxoIWRGcQbPrj
                                    MD5:BEF2BF437529B46605B5C2E2414C5A90
                                    SHA1:BF3AEBB7D25000FDCC68B9ACA323A2DE5F79ECE3
                                    SHA-256:17216FA24882B1AB77F3929C7133513EAFB9CC164892C68F00FB9A4D9052BFF7
                                    SHA-512:C4D2FBB64913BBDAFD6E65F0FB9AA9668EE633EE4DEBDA9702DEF70F6BFC402AE81D64EDBD50B215E76A4B99BF55FCE05428FB43C87FB8B5AF16ECEADD58F3C9
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):12288
                                    Entropy (8bit):4.986323337430565
                                    Encrypted:false
                                    SSDEEP:192:FMUc0BSrhG2hFDk67+tJTTJk5N05/muNWQ9Lg4byOTIPm8Mjpwy:Ftc0BO7FwPLFv/muNWQ9Lg4BEPmLj3
                                    MD5:C9CF6DC7438F0C91C5ADBF50D5964AC4
                                    SHA1:BDF72FA1CF82472F2D8EF29B9222455DE337B93B
                                    SHA-256:DF826F4A25C0083685586142BC09F7262B717CE7208031DC82C4B8B96B8F842C
                                    SHA-512:4BFBBEC0701ACE60FE675EC29503C9F0317B03364E7FB54F6F4BA330FB019691EA387F9008D058431E1F2B79F119EFE508AD387EE2C2183400A96D013B035388
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):9728
                                    Entropy (8bit):4.7833110474667935
                                    Encrypted:false
                                    SSDEEP:192:i5fSHRMsfxjhgmB7cyqmYehGK1rkfL8W2O:m6xMa/gkcyq/Up1gIWH
                                    MD5:E612BEB68F7DF8F07C3AA9B5B1347267
                                    SHA1:FB1945BBA7D6C12FBFFB5E172E928E229D137C0E
                                    SHA-256:DE178A010334E0037139768E28570D70E9E623419AB494410EC06B292A5550AA
                                    SHA-512:D44A47F4901907E130039FC7F91AB9092A256812EDF1B9A2BAC24285A78C4C19AF0BD6D872E5D8A997D77E020D7499FE56D4D55885A3F71BADC50D9C771AFE30
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):110080
                                    Entropy (8bit):5.676355503970769
                                    Encrypted:false
                                    SSDEEP:1536:8xKxKxlx9fuS8mM1DrRRm3eY10QFADTY4vRji1OO4cYM96A5nC0TlVSV5:8xKxKxlxpuS8RJeDS5vRjiNJvhMV5
                                    MD5:341886DC8B9F0D919C994A8C503AD5F2
                                    SHA1:CEC8C27CEAB149E3E0FEBA886EDF2A3956C160F3
                                    SHA-256:77A171DFBB93EF47D1EADF6A70446D2B7219D270264171D8E035EC9670B9F41B
                                    SHA-512:74271F3BCDE4837A12E47B1AC2DC1D9D306EBCAA43113E8A99B2F6925475C0089F828892C2D1409DC2C9A23CBB7A1CC76E19599247D4F9B7498EC4381957C4EA
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):10752
                                    Entropy (8bit):4.875337413026049
                                    Encrypted:false
                                    SSDEEP:96:En39DWbVMcpimOIkv8lbGykb4fByBN1VZ5p8Fy56ci1qg3VV4F+cSJlWZHCm:EpWhzkElbGyXy9VZD8MIcKjzllWYm
                                    MD5:27415BCFCA73FB4D3724A2BABDD1750E
                                    SHA1:7DFF774C5F4C507B14F83C1C3288648FC13AC607
                                    SHA-256:5B805D65DACDDE027B2686A68ECABF92FDCD04B6713141D5BFCC331A77763765
                                    SHA-512:210DF96A323F8A925B9D62F2FEA148CB296DBDFD000BF549A15F5CFAD96C13E3095B0007358AE70C6320F7A83C1E03131DE1670691B701BC47ED5527365315C4
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):44544
                                    Entropy (8bit):5.780864974947333
                                    Encrypted:false
                                    SSDEEP:768:Gqm9pH5Grnu1s9Qm/zybjbLkf4pldl7ysWzs:duH5GDoM/Lyrm6ld4Tzs
                                    MD5:D0A458C29C73ABAEA3C17FCD626EA74A
                                    SHA1:2F7A7B50908048EA60BE054C03167B535184C927
                                    SHA-256:5E9BC9CBBBA7A5050043A08741E1E6EAD3A2A8A0BB8138277037D82D7381AF7C
                                    SHA-512:D8696A697B8FDAA50FA08C6D01BD916200FAA2709BF616BD43E9DA5065C80C1141B7B89815F45F884D447958A5A4B1E6AB575AC0293F0BA446C72766E4F66FA8
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):12288
                                    Entropy (8bit):4.723205152189448
                                    Encrypted:false
                                    SSDEEP:192:hIPcIWOi+BePL3xevxd45TFx9zfj+aL7f0/yAjL6fNIM:hIPcIWOi+BePLA45Fx5yaYL2h
                                    MD5:7F5E21219FAE796898CEF6BFA96A499F
                                    SHA1:19F8378EBDE8733B0C390ADECD9BF3CC46D8FF23
                                    SHA-256:3932B755759359DB3FFF8538B5875DEF8A745A41CDC675BD0DCC9339784046D8
                                    SHA-512:E4E502BBF698D7A3E555D3B4D5F4915D15A2226578DE0A212FBA6ED1F94021162BDC308905E9C0F08C6DE624D4B7C2475D75C6B1342C5843217B8CC3823AB047
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):43520
                                    Entropy (8bit):5.7200392312457025
                                    Encrypted:false
                                    SSDEEP:768:jzh+BMgWn4YONz9vlrahR0UV7gwIx9Aioa1ox:jzmvplmqUV72Aio/
                                    MD5:6D06E0AD529519465C94DDB12C1410CE
                                    SHA1:12DC1F48AA13BF194600627B5E0DDE6A9BF8BABF
                                    SHA-256:03A3ECD271B09F12966FC751315BFEEA935AB24BD0734E80D3382D69F4077538
                                    SHA-512:655F822737D2353AA65A473770E5A123374D195AFC6818D81C205F5EADE0B4F6C2C6A9DFD9B4C61F210E0706E940A88332B2BCC0C3D49A1E817D358821FBE679
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):70656
                                    Entropy (8bit):5.940808428901624
                                    Encrypted:false
                                    SSDEEP:1536:yUMsE7wG7SuwVoA9hcnOgPO7XMR1C+nCvmNEI86vCO:0sEsiSVAhOrMRhhNpv7
                                    MD5:2687612E079A437DCD7E1D528F38B40E
                                    SHA1:0A9F7D1DBE4C11E97AF639349D971816535E1AE1
                                    SHA-256:DF1F6AD86D93002A1884A7A27EFCBD577BC86776CC73AD99CF3293BA610F0294
                                    SHA-512:08B3122E3CE50906E6F7B1C6F90B051375DF2D646B94B62733520CA3317A405E1A55E3227D4856C36CB30A4AA9D27D7D7DFC0B522E1D99E7BC6EAD584E29D4EA
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):7168
                                    Entropy (8bit):4.378007834009325
                                    Encrypted:false
                                    SSDEEP:96:ShrV8gB7mrAxVaw79NTa/VKy28/VKAesStSRnSO+IkZ:STIrmVaw7PTa/V528/ViBSg
                                    MD5:72A62938C272F57CDFAF3575BB98F859
                                    SHA1:3D837BEBB67D4D02C49269CF53214F58A77B1C75
                                    SHA-256:DDF47E193535E78A929FA2388D0568A02514353FCABF77E5EF15DF3FDE9E0E72
                                    SHA-512:258F6DFBDE67D072F2063445D3A386BD962856BA120DB4A154C38FBE3301BE26050BC460F7CDD62F2AD1D53F52B6CCC16C392183B1BFC16D0BE0D19C41EC1F6F
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):16384
                                    Entropy (8bit):5.292263588429404
                                    Encrypted:false
                                    SSDEEP:384:pYcXMkNgKZFhRmuxlQM5GzSUP6Q9SrHncno60Msnc5vWp:KcXMkNnFkP0Xc5O
                                    MD5:C938E04BCAB3A5728B1F69D7E625E2DA
                                    SHA1:0AE7E61A4BB26F301716C26299E6CF562EBA1F4E
                                    SHA-256:F398821FD8DFAE240909980FF3EF2A433DD4BD0BEB5095500321A529DF157775
                                    SHA-512:A29E708557E5C5E35508E8AF265B3A3CDB37C8894353F9316E7EE97E97CE026B5A47464A4154EB2D040A8048B0A95909D2E6469775D4918CABD7EB4F8DA76C97
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):25088
                                    Entropy (8bit):5.498286029340412
                                    Encrypted:false
                                    SSDEEP:384:JJEUFekGL+xzYcQCh/PN1i3KPX6vYWhX90Xa79dlUm8VBZMJQQcEoejhZeMb3EVn:JhFeNL+x7pNRQHhX9ZS2OQTeMb3EVCU
                                    MD5:1E026FD6A5AD7D14080B32B4FF320EAE
                                    SHA1:009825874DF7C0B5797AF607170D62E3A2F621CF
                                    SHA-256:01C04D543585187EC90FF22055159C7C2229D9DC162CBCFACD7B30052CBB9DB6
                                    SHA-512:A3BE27EE31995FD63718CC4E8B82AB8F5A3F652F87EE7ECFFC9F7C469F76C7F2402329CAE86FAE7005DB70F3870EC25C54BA27E9D178672EB666E276C1CBA355
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):8704
                                    Entropy (8bit):4.905730010729166
                                    Encrypted:false
                                    SSDEEP:192:4vpiYiwuo3n+TMwr/S3TXJl79awqp9tn6GX7hBPrVlWOA:upXii+TPUrJl795w9tn6y7hBzVlWd
                                    MD5:ACA8828E4EBE6F0A41CF3E78A71B87A3
                                    SHA1:B63202685C5C8F91303BBB47053C98DB09E25222
                                    SHA-256:9AA356FEC0AF35841BBFA08FAECDD9475AA57FA4FEC4E4C99A19AA62607E76B0
                                    SHA-512:6E4BBE7D7351F80E594D12A7C17BB7C09DB00A1CF3F8E30EDF329FA04BA25476ADBFF43437FC02606D600A68BB00DFEF43F5A2F02AB56537531D609FC6A98C28
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):25600
                                    Entropy (8bit):5.585431889284719
                                    Encrypted:false
                                    SSDEEP:768:9XQZcGAojf4rMcwk5cJs9csohreyFeoq:xQZcHg8cNrey2
                                    MD5:02CBB0B65D8B399B199C2304B94950B7
                                    SHA1:0D6E36F02E0DC6B26E6999D3934F150C125E7BE8
                                    SHA-256:CCC04F02E0295FF9D5732AA32992D41363B763A93394DB6B465F1C62CB089C49
                                    SHA-512:91BFBEA9C207347BB618D639B11C30CD20CE19FB85AFCC1171BD2548A9B77A54C770DE24B38C9882B67F7CA94CC22AFE68DEA4F46D7F18539CDB9A3EC03852A1
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):55808
                                    Entropy (8bit):5.884530722461495
                                    Encrypted:false
                                    SSDEEP:1536:YbIIJaS17fNY9hE7ELduDQrR/Ens61nP:YMIJaS17fNY9FBEns6t
                                    MD5:19FB9BB9A828861F7B3194A7FDA000AB
                                    SHA1:440A31941DE044B911282E44F3210D3CDB9DCB12
                                    SHA-256:AA5723E8CBE6F40EB1D990B778B8A3BD6BDA9D63BE21372F98D8CC356B52ABD6
                                    SHA-512:C3ABB3BC628D2F552A67D113B05070F2BEA55DC1CD0C52205FC357DA6C29661E33C4AD8EAFB400D22935AA657958FE9B260CBDC67DD6FED0648676AC7F6FE6CF
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):368640
                                    Entropy (8bit):7.422388945987697
                                    Encrypted:false
                                    SSDEEP:6144:dLiykHe0DefbejGqdJHCiphDFFL7VhLOB3eoEEj8v3PCbAwJ:dLiz+iZjtvn/LJoBkEkPsdJ
                                    MD5:257418D1C364FBB92FA1F3D3778F4203
                                    SHA1:8758B294702BABE3EA08A97203BB59227E3AD186
                                    SHA-256:83CCD0D17E175CA9E73D97C3E7813D0F56C1DF1083273CDFCCFEBDE126A05D79
                                    SHA-512:AFF23FEFD02DD4A59068686F71031B8CBE31C05C85012D7DE89B4D49ED09CE8C00D6CE3C0B248FB6272BD93614F528B5E3360BE6F1B527B4DF8C72934401F165
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):22016
                                    Entropy (8bit):5.630941730748361
                                    Encrypted:false
                                    SSDEEP:384:FfYTQjW3/SvinEAf3RVE9FXm+VPs4CUHT3U2qWIH:FYQSPM0hVadN0IXk
                                    MD5:F6036EDCE3811C46D33B9536C21D9DE4
                                    SHA1:230144F7382F9854FCEB28E186E571B5A239645F
                                    SHA-256:5BE6E44203EE9A5AF17F38C72125FC11A16E9BCC9D59B781A3BA302B3400719B
                                    SHA-512:7CBA262B3E4FF5615756720B66F2FD76DA7796B40A1222E673FFB11A9AA25836B99BD80187C3FF7FF8964531589BFB50DD6EED597D98FE6B03BA74488C5F8825
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):131072
                                    Entropy (8bit):7.575439360311943
                                    Encrypted:false
                                    SSDEEP:3072:Ljn2tuVibVvW7HAO/+V/1OQ7HJSM4t8E0UD3To:LtitKA4+VdOQVSMW83M
                                    MD5:DA85004B6AC926602C34B954E35835AD
                                    SHA1:FF253EAF956E50064A266428A97F3BAEA36387B3
                                    SHA-256:9B9C6678A065FE4858D75B876D5EF97A5D8B8549A559176BD2DDB85ED3FFB2A6
                                    SHA-512:1DBAE18B49F9C3109F54F2C1119A50C1A15F5D51F550CB6BDB65F25575F2800113EBFC438C2141D8BD0054DF5E5744F19EFA2AD31E306E134220BB6C9FF6B856
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):45568
                                    Entropy (8bit):5.429039106627063
                                    Encrypted:false
                                    SSDEEP:768:NO2jVUQPfXlSvPKv2cUwxFMwfD/l0sp26:V5BXgvPKewDDfD/lt26
                                    MD5:4FFC035D2AB6A2FC550925BD7203524E
                                    SHA1:F90CF6B5FB8A318F72588AFCDDCDDE3371988C04
                                    SHA-256:DED1964A05165155C1B398C8FE019A6568045F9672EF98395AA62B63F120D600
                                    SHA-512:CFB592A8808EEBA79D0E35CC686D998B262467CCB5F7CED86B73F9FA873B441BADC674E4CAF17725A2A75CB96EA64461701F0D662E18D04F6565368FFC7D6F58
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):918016
                                    Entropy (8bit):5.356329926486251
                                    Encrypted:false
                                    SSDEEP:12288:irP8SrEppVCltJl/baoJ5Sf1kAiXxRcAiXxRZ6E4UGTldJ:NtppcDy9f1kAiXxeAiXxlDGTl7
                                    MD5:78CFA600E16174B300655B1BB63E3975
                                    SHA1:19D5F7B0456C1CBEB39C6AB53E1C3933FC9520E7
                                    SHA-256:A0CDEB96230BE7FEB78A0CAE20B91B39826B493B79CE6D0E80C4300A42EE7DF3
                                    SHA-512:B176F3A43EB7EC3611DB111A10CC7B1B640DA2406982BACA78E54A805320D1886A5A9232482A905571380474B346D6B0E7F8F5225C200DC50579574B54EEA3BE
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:XML 1.0 document, ASCII text, with very long lines (410), with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):12143
                                    Entropy (8bit):5.148397299333294
                                    Encrypted:false
                                    SSDEEP:192:Le7l7Fr7l7T1LVd9zbGAyS+/nidDr+KS/pvrsJ+J/qJvK0ZKfghxh05n6X:LMl7FXl7T1xdNbcKail
                                    MD5:4D52878A194EDBD8ADEBEC9B954F20C7
                                    SHA1:680015BC07B253D22283A9B298098D890884CDE1
                                    SHA-256:B9C9E9891CAE44760EA5C600DA373D6E22EE31AF8BD77EEB58B091F14C5C22F7
                                    SHA-512:7A52E7503BFCC274FDD0C5C5B2AB88DF9791A014924EB9635ED7F3163AFAD0205911E3CEA8E4343671A5AD297B4397822BA066C60535C222C051A7C4B15648A9
                                    Malicious:false
                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="applicationSettings" type="System.Configuration.ApplicationSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">.. <section name="AGLCSS.ProductInfo.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />.. </sectionGroup>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">.. <section name="AGLCSS.ProductInfo.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. For more information on Entity Framework configuration, visit ht
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):37363184
                                    Entropy (8bit):7.091664407895098
                                    Encrypted:false
                                    SSDEEP:393216:2BEhT0ALTLIC3DwM8hN+5dwd7sEGizd2Gxj0XVRDCAxvFXXarDervx:2BEF0KLIPSG7Cipxj0FRZdGDm
                                    MD5:E02B2A813FC65F8110CDD052E348C9FC
                                    SHA1:44518002C387F066E19FE1AEE7AC86DA1BCE28B4
                                    SHA-256:107E08B4ADBDF25245E43D0C83352F2189D051668D4C1A0BB9C5DE0483130E9D
                                    SHA-512:474A54766FC87B565091AE012605F6973770973F64B1BF947D40BEDEF0C8A317130EDFE375BD73C9F41643CD14C769CF5B99A6A22E3A6C3C5A4A46FFE5908482
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:XML 1.0 document, ASCII text, with very long lines (334), with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):2044621
                                    Entropy (8bit):4.636781505500332
                                    Encrypted:false
                                    SSDEEP:12288:ZHYGh5NB2KwQ4hv+t5xJv1NV1pzJBJVXZmarNplbp/9Zv65Krvzxx:ZHYGh5NB2+m+t5xJv1NV1pzJBJVXZBjH
                                    MD5:D69A20D93793B7B6C1B472B597CDEABE
                                    SHA1:A22465429EDDBFBB6FB53353C8FA645C6981D507
                                    SHA-256:EAE72A5D29AD3273465FE672AD5D5E2656E4565C6FF2A0DD7F14DF5D5236262D
                                    SHA-512:34A2AAF1F8067B1A8C546212BE0BE35BF49CDB17BB137936B057B12278B630B6CCF23BD4403BEAEB6B00F05D22B859360D8BB09910B1C0B3F0C4F9B40D4D96E1
                                    Malicious:false
                                    Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Aspose.PDF</name>.. </assembly>.. <members>.. <member name="T:Aspose.Pdf.ApsSaveOptions">.. <summary>.. Save options for export to APS XML format... </summary>.. </member>.. <member name="T:Aspose.Pdf.PdfXmlLoadOptions">.. <summary>.. Load options for PdfXml format... </summary>.. </member>.. <member name="T:Aspose.Pdf.PdfXmlSaveOptions">.. <summary>.. Save options for PdfXml format... </summary>.. </member>.. <member name="T:Aspose.Pdf.AFRelationship">.. <summary>.. Enumeration describes associated files relationship... </summary>.. </member>.. <member name="F:Aspose.Pdf.AFRelationship.Source">.. <summary>.. Source.. </summary>.. </member>.. <member name="F:Aspose.Pdf.AFRelationship.Data">.. <summary>.. Data.. </summary>.. </member>..
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:XML 1.0 document, ASCII text
                                    Category:dropped
                                    Size (bytes):966
                                    Entropy (8bit):5.43490980259347
                                    Encrypted:false
                                    SSDEEP:12:TMFaFIc10RbskcZy8tYW6DbfiXpFJf601Z5DNeAFbLZf/DlnLpkMvT52Ue67dhiN:KaFxYYyC/aik0j5DHlRxisImdhnh9k
                                    MD5:7CDAFA36874E041F8C1F0EB3C41209DC
                                    SHA1:8746594EF94A0B41FEA843EA7A66D11D2504CC6A
                                    SHA-256:03B6B611AE324E9159DB7053EA3F83A60BB4B1E91C8F2A430E99F4923ECF6F8C
                                    SHA-512:9F20DBC9E765AB5695ABE4004B2E9D2F33E5C6BF2F30460E6EB1593E392D05BD83A75EF7F9841C3722F6C1D165BD5B61208B6E18B6FD9B0673ACBC44DFF9A9DD
                                    Malicious:false
                                    Preview:<?xml version="1.0"?>.<License>. <Data>. <LicensedTo>AIG</LicensedTo>. <EmailTo>aiggseutassetreceiving@aig.com</EmailTo>. <LicenseType>Site OEM</LicenseType>. <LicenseNote>Up To 10 Developers And Unlimited Deployment Locations</LicenseNote>. <OrderID>220131105602</OrderID>. <UserID>684548</UserID>. <OEM>This is a redistributable license</OEM>. <Products>. <Product>Aspose.Total for .NET</Product>. </Products>. <EditionType>Enterprise</EditionType>. <SerialNumber>3b79a565-e39f-4f07-9ac4-2f2b89c79bbc</SerialNumber>. <SubscriptionExpiry>20221115</SubscriptionExpiry>. <LicenseVersion>3.0</LicenseVersion>. <LicenseInstructions>https://purchase.aspose.com/policies/use-license</LicenseInstructions>. </Data>. <Signature>doTuYQgJioSdvsH5WWzW9qQju9LHGULJ94QpLJp2uy/466c905YrOdxP2+ICSpukxIXof8OMcmOOSHvXwWtxymEtovL4/0kR4Db0Lxelb4BM5V6QECB1eCHyEpNyIsXZ1VMnifR497M/BRON6iLtRKgUcxGEyDAgBLNs+bidAdU=</Signature>.</License>
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):28912
                                    Entropy (8bit):7.993602621685229
                                    Encrypted:true
                                    SSDEEP:768:SV458OcEGl1h7UZV8Ms/yZ1nSlCp803HSEhd7iM21:SV45Jel10MAnFx3Hdn7i1
                                    MD5:A111DFE75959C5C27F07E09C6546F9FA
                                    SHA1:3D07660915495476C86E9A3E71221325FD7F4ECA
                                    SHA-256:E960AECE72D595C556592093F53794912C7FB0852DD945824738A0DE9CDEE75D
                                    SHA-512:4E36F8241A919D611AC1A61752BB816DF8BD9FB456B8166C6DF5EB8D49897FBA426F4D05C7241F247F407A95B39C3DE4923F73673C09FECA1137206C792D7865
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:ASCII text
                                    Category:dropped
                                    Size (bytes):974
                                    Entropy (8bit):4.823316708001477
                                    Encrypted:false
                                    SSDEEP:24:WOzRj/FS8UOBnKP93dkMhldNc8puuujBpMjq:WMRj/FSunKV31lJu1rV
                                    MD5:8FFC667C4CBDAE10AA0B305868F3D224
                                    SHA1:D24F7B53BB86DB6EE54BD2901D00B289650960C5
                                    SHA-256:E9EB1D6EE86952F6BB5D50CC716ABBCC7F03EE33BFDE9D18A6483EC7AB883832
                                    SHA-512:5244141254DACF369EDDBD24070D38B62E46636DEDC830D25109C2C3771C8A8A97EDB35AA045BBDB4D61666C728E966D804AD8BA531F03D4A7408FF911156650
                                    Malicious:false
                                    Preview:///////////////////////////////////////////////////////////////////////////.Changes in version 6.1.2.0..CALC CHANGES: ..- Updated Guaranteed benefits calculation.- Have the Umbrella Toolkit calculate the lock-in fee and return it in the output file ...PRINT CHANGES: ..- Updated Bi-weekly benefit wording on output - Changed to "$1,000 bi-weekly" - remove the word Per..- Updated Reinsurance Footer from saying Release 2001 to Release 2011...GUI CHANGES:..- UQA Report options - If multiple primary or secondary beneficiaries are selected, add ability to assign a percentage..- Allow maximum Guaranteed Period up to 75 years (instead of 50 Years) for all users..- Fixed - UQA, Settlement Agreement unhandled exception- If Annuitants are Invalid for Closing Docs.- Renamed ExpectedPayout to ActualAgePayout.- Renamed TotalExpectedPayout to TotalActualAgePayout.- Misc XML Client Map enhancements..------------------------------------------------------------------------------
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):217088
                                    Entropy (8bit):5.605433780638061
                                    Encrypted:false
                                    SSDEEP:3072:tDlMM+67dv38NX4m1ipcPEz8UgwV4awZgv:H+MgN1ipcPEMwVZ
                                    MD5:87F93FE3B0A0094A7B923737BDAB7732
                                    SHA1:C6C24A3D67DEC6212FF4288EFF670D224212EF06
                                    SHA-256:37BFE967E51E0BA80BA1423B383C8C59C17673D2CE3402546FD6E0C2A5DE45E9
                                    SHA-512:2F2B3671FE50A9F62E69EFD4A6C50C58D01F0E699FD818E78A4C42DDD1841391F914D3B0E28960DA3C62056F725FFB0467E9535C735285DDA83AA2E8C1F0F726
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):8572504
                                    Entropy (8bit):7.859819019714371
                                    Encrypted:false
                                    SSDEEP:98304:ZX0hMZb9RXuBtGVqs7VpHryI/ZCC6sO4O6KOmQxgWpyfAFEIYI4+LdlGut/APDD5:ZTyaFvF/Zv6fMmgafAFI2GuB4DF
                                    MD5:396C7D2099E66B5F6CB2137381CB9599
                                    SHA1:71CF9549E43A5F73D245A933BFA9CF3A8E3E6549
                                    SHA-256:06BD412DD30BF3A5AF2C7760740A130A619382E19B7016759A85244C1E72AC76
                                    SHA-512:F79B378AE101CCD1283A9A55CE1A06D6BAE4256D66C2EF7260CEEE1C98030C779CCAB902FA1C6A2A783C8352FF4B59AA2374EB4F943589E6EA71A91C3345F1CF
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):2639872
                                    Entropy (8bit):5.934841008678069
                                    Encrypted:false
                                    SSDEEP:49152:GEWnGIljGxTbN1rS7dn5tghHg1mu/pUoQUCv:qObN1e7hrC
                                    MD5:A219F693E7DDDDB647CB78159D45DE10
                                    SHA1:9033D9B7A188C4B52531A164ADE6A5EF75DEA8A6
                                    SHA-256:51591BB78A961C42EB58C5D1B12FACB7B6E3189D05C58B6C28A26E72BB092D0C
                                    SHA-512:820A72025803E256F6FE7818B1F319B6EEED243AA953B2F8C810C094BAA9DC60DF6EC9EBBFC57100E96F0F535BE520E15472B238CE8CE68047DE27866CDB3537
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):3012696
                                    Entropy (8bit):6.207439740679152
                                    Encrypted:false
                                    SSDEEP:49152:NLCpB0/qFLCXtfTmRmIt0Kp5HV1AWn/VvMWpJ9zdKOmG3MO:S0iFLCX0Rmm1mG3MO
                                    MD5:59D3BB6D8B117C7409EAAEF5F73A7CDB
                                    SHA1:3BFBCD479D2C4D9452131B1FFF50A5B1F0D0CB46
                                    SHA-256:B2ADF32E5B005EA115776978D0A92793896932EF7AF1A49DF98CC17AF7CD92DC
                                    SHA-512:C65F62E306D13BBB299087E346C5CC973FBACB15C3062F7017606DC4C9560C2F088BAB15161E396C5DF441F9275C66626AFEA1C158AC79DD91F3A594C1368187
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):270424
                                    Entropy (8bit):6.201949685048063
                                    Encrypted:false
                                    SSDEEP:6144:jZpLVr6Tt1l2KKLO/dfbdQhtzcR7H51dNhWU2YzYOHz5wOu2rJXLm9+gJlCvWWb1:jTLVr6TXrkOFDocR5Y0rLHF
                                    MD5:F17FCEE38ECC7A5558D56D2190F13808
                                    SHA1:E0C60C66DFF8C54F7F7B53A1DD30CDA26BE24BE2
                                    SHA-256:98E3A79C3FE18289CE7A6EA2C95CB037ADD1D6D054A1B3C0A38D6B5C017233E9
                                    SHA-512:ED15848BC21385B42F3E053983C4DD5A77C6DF8CE21CAE034CF89ED145E4A57A240FCDFF14AF0B25665F469C07B5EF8944033D5EEC569DD289B7BBCC3454F688
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):2152536
                                    Entropy (8bit):6.886309145114528
                                    Encrypted:false
                                    SSDEEP:24576:PRFrEK4zCsb43VLFHayTbdwmcaTcgvhHJ/tPmZMcLZqcdxeDbt7CrcBljjWU:JFrPTYtmwOhp/tPmmcL8gxe8rrU
                                    MD5:DC91C07F343D1260DE4FAEAB800EDC23
                                    SHA1:DF583BAC7DC8A88996B48471D1882E1F6C05CB39
                                    SHA-256:87AA0CA41BEC73B2FF813DCBF9B9BD9234CD161059612493BD429E9A92EFAB22
                                    SHA-512:38960847BCF663B5626D04CC43FDA5C24A7E0BF56B10586483CA45AC536B3436D49F43B65A298D17F9E0824507E8EBF543889535152FC3ECF1F0F8A7C48C3BC0
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):5131352
                                    Entropy (8bit):6.239158294923384
                                    Encrypted:false
                                    SSDEEP:49152:eeFHVVC7B+s4DRJKskaQPhG/zKbJPLOJSghDNHi5YPkQU:vF1VC78hDRYpP+KbCDi
                                    MD5:3F44CB33AE4E80DE616B2570A1DC23F8
                                    SHA1:35D19E072B3C490F96157EFD0B2F761CE33C5379
                                    SHA-256:FA3DA52513D8566E4928FD1DED0ED4012AA180EC4C33903618C596F6218CFE04
                                    SHA-512:EBA17561DAE582CB75FB1B8A22F1861BA49260AE1406B1FBD3E3F430759DA44218DEA5D50AE8B5AB1F616EDDBE52EBFD22DDDD23DD901BCBE1124179A2DCBFAC
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):3409920
                                    Entropy (8bit):7.458876368493957
                                    Encrypted:false
                                    SSDEEP:49152:q4G9UjxJyAitRYwPSj3F0xC/MTC1FgUki5BtAbca6UoYX1QPTDUMzFWc5Gw:xG9+xJDaPSjV0sMW1FgXuAIswcaYG
                                    MD5:C99AF96BD2BD6A30932E888D709E250C
                                    SHA1:DDDB51843863C9F2300B205C07CA7AE9D1A2953E
                                    SHA-256:8C05947CCF2D064A01EF40306049F83198D37162684F4FCC6894585F15C8CEF1
                                    SHA-512:C70F045545C03E091F8012611D76E568FD13E5008B848032B1B2CE6D8FD5D9334B0404F1AD7AFF419C80EF5699096023CCF2050D8120F25E37B5468930EA4374
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):3699288
                                    Entropy (8bit):7.354053612194487
                                    Encrypted:false
                                    SSDEEP:49152:5aabjxTWAOfraPgyC30nv8Nm578EeoT06GxYg7pCKU0N82IG1B4s2CiUTSw:5XfxTWAOfraPgLoi48AKUlsL
                                    MD5:CAC32098FB25BD13ABC71DB56DB8C884
                                    SHA1:CAFC1C8E60AE787DAEA88DF6BE458DBDFF96C786
                                    SHA-256:E01AEA014132F3AA495BA2F8BBDE8FA3A35317DDC9481D858564740E478A2954
                                    SHA-512:F8E103F6C32A998DDA3614DF6346FD9934FF8B069D6A22834DC699321B077F57815BAE436FB5BD6AE2EB052BBC5332A1341735E27E1D1D2C0DB624847FB74114
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):6828536
                                    Entropy (8bit):6.028911925904774
                                    Encrypted:false
                                    SSDEEP:49152:+/VS7jCWaUpWtEM9vAzLi3qE4KaS67J8h5O7iJ9mguqkORBfbrvN7Gp/8ZyKQYFu:+NS7jCWaUpCT3qLWO+PO
                                    MD5:89C496973CFB2306DCC337CC0AC937BC
                                    SHA1:70F3165EAA44D29613738C889C7F221DE1F75215
                                    SHA-256:8DBDCBF2DEE43B60A37983468EB1DF192E14A3C41310089E90D955FA25228B6F
                                    SHA-512:3859DC1E56F30567CCF4B65DF3FEA4929BA1E8383AD3BBED2872580D41C0FFB33A5DB74291780CFB66E13DCBCCDCA91FCB1F021373F24EE9F5D7C51787C4D8C9
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):3829336
                                    Entropy (8bit):6.082193144017104
                                    Encrypted:false
                                    SSDEEP:98304:pboKqG38WAOfraPtWAOfraPTWAOfraPzhkYf:pboKuWAOfraPtWAOfraPTWAOfraPes
                                    MD5:3A1298118A83530E0BB07F9CF87B2F32
                                    SHA1:F6B3CD9DBFB9EDF87F68FA337E4C82EF5B8D4553
                                    SHA-256:B804FCDE67B278E5709F8899438EE35A53A0A054F0AE6D034A3774C60254B5D6
                                    SHA-512:E06390231DC889314679B3A9A92FA266407F1CC0EB58E62960B85CC1852A9FFFC5E8F215D6B55FD1655571B0789C25B661298B492D4392A14EDC90A108D80960
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):1744896
                                    Entropy (8bit):6.006535524959442
                                    Encrypted:false
                                    SSDEEP:24576:yDVfaMEV77ldLKqEC745uutCg74fBkXaE0WsOVySDgFY3P:yD5AXlTkT7+
                                    MD5:F6CDB4491ACDFC4419A39282364CAECF
                                    SHA1:01A37CA087D6F69A8BD7B1602A8AD18F32FD529E
                                    SHA-256:F82121A9E13B97307DE47912D7E14467CD4209084117E4885AEAA6053D321009
                                    SHA-512:F97D094037407D5EFA005C4B1C1F3722CBF5A51C402BABD802AD355DAB33980BF6E46D3FD0B9BEC147AA9F5EDACD94BDC9782C07A0A48CA81A1092D2913E9DDD
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):2408536
                                    Entropy (8bit):6.095882030461041
                                    Encrypted:false
                                    SSDEEP:24576:DBxDx0ppROLdqZ6/XtQZjA6s+H/gI0I74pVGsuv5k5POFq3cEoJgnFFOejg:LKv6/X2ZjA6sakDnFy
                                    MD5:F5A891E7086365A09D88C30A5DBEB01A
                                    SHA1:B681A2EF4ECCCC7956F4C4D487B8F525DEA62F56
                                    SHA-256:2F979841B0CA0931CD2349C1667A04A2FBBD4B1F2CAC4A05094CB90AA38DB423
                                    SHA-512:6DAB5A1A7ABDB3CFCB00F7ABC2C21CAD9F4AD05AFDA48B90E17E4E2EB81497F16FB66519DE8779E2158FA0AE1E9AB0A53069D89E92BDE44D695681B713BDCEC9
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):2231384
                                    Entropy (8bit):6.09457590281721
                                    Encrypted:false
                                    SSDEEP:24576:m0ijUKJFl2lKbF0fQV71hHbztU7T2tSqOM9sbnE1Mc+/4ZZLjfIpMsd9Z4Gef5cD:Il2lKbF057T8KbzyXgef5c4NLc1
                                    MD5:D61EF52222A23358409FBDBDA898C3BA
                                    SHA1:E6E50F9C30331E08335E7BCBB9E41EA59E5BB9D2
                                    SHA-256:87305E1608661CC5B732DF4FDDB97FA0FE38E2E75C5AF8DE03F2B14FD7B6AB14
                                    SHA-512:42812656C007988AA8A04C62149695EB9649146F7A9590440711307CEA997E906D1F052858511E35FD04AAF9D4CF2C4F2507AA06131EAE292FFF6CED40E199FB
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):805464
                                    Entropy (8bit):6.145707529105092
                                    Encrypted:false
                                    SSDEEP:12288:WHYouxedCF2wRB0noktToCCAIPPZWP29mi6CkWoV:f7x+CFmokLNIVMWI
                                    MD5:E7C8DB51AEE74F51097C15BF2A587A4E
                                    SHA1:2D631D8E130024081108A321832F47D10B329E69
                                    SHA-256:E98AAAB90E8657B9256D09D6D06834F92099B9EB809C83C12922F7DC47EC802F
                                    SHA-512:3BAE5BE2B696E5607D3A0F2F701294260CB6EF84BAE1AB5E6D2AD17BFCA124D35D5CEAED6785E8687A065882C6D4FE81CBF93E5BD3C84C5667812A42DA09261B
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):362072
                                    Entropy (8bit):6.294830947153117
                                    Encrypted:false
                                    SSDEEP:6144:TroJE82vxoaWAOfraPEoalR4YVVKBb6FlBMHuzHE3uNnYCzN09z8DW:V8+xoaWAOfraPEoalR/F3iz8y
                                    MD5:76323744E24DA90B3EE25E0BA09D3699
                                    SHA1:C27B2DEFBB28215612B93F78C73521E438D8C776
                                    SHA-256:A8F8174B71E8549163518A8F530653C98AC50DC6F1A616FD0AAA494AB797013C
                                    SHA-512:D6F6620674D5CC54EB7B26DC5A5F987080DD932B8EBCB711118846CFCF178219D3AD7EAB7C9091997E9CCE361537F74A35D21D608E553EDF693D4D688F21CB5A
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):1646168
                                    Entropy (8bit):5.948221195904113
                                    Encrypted:false
                                    SSDEEP:12288:fuWNaUNhP5HWPtwiu96p76/Dg6ZMMMH91T321ID77h6J9rTXbv9w99fTw:1Iai37UtUX21I7Y+990
                                    MD5:816B0C021159A995A174DD07C954A2D5
                                    SHA1:5E2AA3C360AA8B81BC0657D658FD27A6B624F188
                                    SHA-256:D179584EB67A685974CA8ACA6FEAAAA9C792FD06E3E1465F848A4FB3FC201769
                                    SHA-512:32F690355227B30534826D8107BFC014B33D58345D237EF3D70A1A68E052C0CB74F9486E3C6BF51544D4842B4B80BFFED2CFD4ACCBC8BD0E1D0A8ED5EEF24A44
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):868440
                                    Entropy (8bit):6.240664153224065
                                    Encrypted:false
                                    SSDEEP:6144:EeifECD+V+yLtYj9sqU7atkkDkrJge93A1s6DD6IBm4J7gS3xU7ISjZ1BYE81Rxb:1YlsP7dL9KTJhxtE81dj+y26dFuTa
                                    MD5:9FC3377A16DBBB79B7A1D76E1D8D6001
                                    SHA1:4C9F99814F2AD9AFE7E2234052C149C14878AEA9
                                    SHA-256:61EDF78208DDCCCF6FC0766B6849E967EE6C795B2EDFB2E16ACEAB8D70AFBB60
                                    SHA-512:F962BD467D07BF0463A455E1B22045E86C59A985948701DCB2039625B009525AABDAFAA304DD3FFBA30319A09BE53242179992A873870A3907EC7EA547468AB4
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):458752
                                    Entropy (8bit):6.813322972745781
                                    Encrypted:false
                                    SSDEEP:6144:BuCITwatNH6B1vHTSpbIeCHz927IWYgGtSV41kJDsTDD3sAJe6dwxLV/z:J/aOaIdHo72S4csfsqe6qfz
                                    MD5:F292D363754984C8FBC921FA2B5E2700
                                    SHA1:7A855F57741D91C12AEF038AA4F18F259872FF3C
                                    SHA-256:AAAF2670C222CB0AF424A796C4831AF6258EE40DA29EA81D9FC7E2FCB171F345
                                    SHA-512:BE3FC49EF90A60ED6418F66A4A1196C56E97FAD7519E9B0FDE7D3C47711370A2B85B89FF496F896B3086744052C92F5BAA31255C2DB5E5A81FBC3BCC827B0041
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
                                    Category:dropped
                                    Size (bytes):143990
                                    Entropy (8bit):5.004945711550832
                                    Encrypted:false
                                    SSDEEP:3072:IMws/8s2IOd1FgCR/qYkpZl1HKO+dH3VhOE7:9jed1FgCcYkpZl1HKRdH3VhOA
                                    MD5:D412CC2BE266C00D651B026636CE55B4
                                    SHA1:9E68C0A578D6E018FBA057C6FA5659E6622C93D5
                                    SHA-256:D035549C3883EB149BACE9F12703F00B7908F166600238421FBF51A03441B0AE
                                    SHA-512:D1FFA7B0DE964DCD4FF8D0E526F79507F32845FD15A291E5212FD30AA2A2D239036056468C2D012945FE72F604F160B9602067EE7FE2859AD500216511BF1D0F
                                    Malicious:false
                                    Preview:{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff0\deff0\stshfdbch0\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1033\themelang1033\themelangfe0\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f1\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604020202020204}Arial;}..{\f2\fbidi \fmodern\fcharset0\fprq1{\*\panose 02070309020205020404}Courier New;}{\f3\fbidi \froman\fcharset2\fprq2{\*\panose 05050102010706020507}Symbol;}{\f10\fbidi \fnil\fcharset2\fprq2{\*\panose 05000000000000000000}Wingdings;}..{\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math;}{\f43\fbidi \froman\fcharset0\fprq2{\*\panose 00000000000000000000}Cambria;}{\f44\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604030504040204}Tahoma;}..{\flomajor\f31500\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\fdbmajor\f31501\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}..{\fhimajor\f
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):591752
                                    Entropy (8bit):6.069668321990478
                                    Encrypted:false
                                    SSDEEP:6144:EcK9UcUZV25QiE0U0CxzB6zHK1HHYkIfPQG2puGeqVmjaVmnS4bfu65+:fcuV200veIJu65
                                    MD5:AF1646B1C2227AB206D855BD068535CF
                                    SHA1:3CD982AD2FB00A50151D7F416E4B05F79528496E
                                    SHA-256:A960DD4D2F0F37B3C09FFB9567C32426B8791310D7EB935C04C819C3D46BD49E
                                    SHA-512:04EB6B5EC3A1655AE2FC661F6F9053F7743A2C624C4E8B0E1E6660FCB135A847ADDA27919AE8F38987E370E0114BD5CE45E01F1C894019A864A22CAE3D24AF0A
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):4991352
                                    Entropy (8bit):6.097816081905885
                                    Encrypted:false
                                    SSDEEP:49152:9PrnRLX8ziolcD5jX24Y/g1YmNBayW5Ci72yEBzw9vb5:tnt8zi8o5jX24Y/fmLaZv7xt
                                    MD5:FFDCF232D0BB2FFF78721FB347641A76
                                    SHA1:54C76A2FA61E6DF1AE4C9DF65435A38482C2CB71
                                    SHA-256:FF42BCA704605E187ABB45523868B15128D6AF1C28AD40A4579D507D34A953B2
                                    SHA-512:89DF103556CFBD955283BEE551576134F9A7B0D121E12CF6DF4E9F4028075B2C4FF9D22886CFD21B10D0A0D6E640DB784B74D42EBAC4A45CCB9CE9C725A1FDF1
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):7168
                                    Entropy (8bit):4.38344133265455
                                    Encrypted:false
                                    SSDEEP:96:9yFeOOHNrypFo/glkx81DacjzmJvufolzjrJj2nYSPQzdnWOiEeE:gFwNCedxwDacLfolzjrJj2vQRyE
                                    MD5:BA6797CFAD83AB9EF1E4393547B15BFC
                                    SHA1:8A5B765066F5F6065B9F5C07760CC318FFD3DB5A
                                    SHA-256:C103B6A8E271F45401FCC3B69E314640A392D4286FB5E6482C1D22D4CD41FCC2
                                    SHA-512:E9485C24BE08FF1CE4163E95A9ED1E4058428DB87CF3F21A08F58DB82162D560EC6A63158E8102AE6B8417E838B9AAD62E50B701734F86E942566C877712E743
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):16384
                                    Entropy (8bit):5.157363258364149
                                    Encrypted:false
                                    SSDEEP:384:CcINOZi96Yf88aAY/Ai49eFPkTWRRmEHkSsVgk3WU:CcNZigYo/v8d
                                    MD5:05714E28DFB3B468EF84B7DF425E9268
                                    SHA1:DFE97C24C5A21DB7C9070307A3DE7872D2CFBA9C
                                    SHA-256:4A2B2749F82288909748703B77F8767125FE7F5546374A301B58A39DBB397616
                                    SHA-512:2E051FCA886BC97715AFF2A0345B7BEEB3D16E8ED1BC1ED9C264C6B7300827AA21244BFAE898FC53B4BA4682764929DD197037933E0D251C216BD4D4C5245105
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text
                                    Category:dropped
                                    Size (bytes):2976
                                    Entropy (8bit):5.323127390109098
                                    Encrypted:false
                                    SSDEEP:48:3nLEkEWhiHORGCD6FjL86fWDd6HfuphJJYmrTI3NruK54YHJHHXsJNJ4YHKJyMHO:g9W8HORGm6FjLBeDd6HfuphYwTcNruKs
                                    MD5:A0AE67D3D8B1B757609E7B14B6CCED5E
                                    SHA1:2B0E0E6CDE1A4830678681FA52A4608C4594532F
                                    SHA-256:95A4059A32B7756BFA5A92B85764929E6E7E6B1C7DA271EF38B5A13A881D199D
                                    SHA-512:0EABB2AF473BC44096B4D97952AD6D419C00A97F0AC8DB61B458F443E0DF56B35479B100B4F52B1E8E166614097D2E7AA1FE812F05E2B732A29B446661A1F0BB
                                    Malicious:false
                                    Preview:.<?xml version="1.0" encoding="utf-8"?>.<configuration>..<appSettings>... Fix for QSR1601: Issue 7:For certain UTK users having new installations, the directory listed in the integrated config file is not pointing to the installation ..folder.-->...<add key="OutputXMLFileExtension" value=".agss" />...<add key="CreditedRateDirectory" value=".\Rates\QSWC\" />...<add key="CreditedRateFileExtension" value=".rat" />...<add key="MortalityRateFilePath" value=".\Rates\QSWM\QSW_QSSR_USA.dat" />... PR 18 Substandard Pricing changes:Added path of the WearOff and MortalityMultiple path-->...<add key="WearOffFilePath" value=".\Rates\QSWWO\QSW_SPWO.dat" />...<add key="MortalityMultipleFilePath" value=".\Rates\QSWM2\QSW_M2.dat" />...<add key="ECChargeFilePath" value=".\Rates\QSW_ECC\" />...<add key="ECColaRateFilePath" value=".\Rates\QSWECCO\QSW_ECCO.dat" />...<add key="ProductFilePath" value=".\Metadata\AGLCSS.Product.xml" />... PR 18 Substandard Pricing changes:Added path for Expression
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):860160
                                    Entropy (8bit):5.830177574604078
                                    Encrypted:false
                                    SSDEEP:6144:NKZnByC3WOE+gqWMuFtejoAfrqS2U7CPekqVetXVq/j8Cqqajqshx7:WsCGYm2n21+OBjqKN
                                    MD5:7EC9FEC40D0D7FA44F0B424D57F3D437
                                    SHA1:AB8199B7777ECEC1D4B55F6E63840B16623615B6
                                    SHA-256:13650374FF0E37FFE8EFF77BC57D21A3A6B6E0D0963ABFD56E3EB3DB13BB961F
                                    SHA-512:EB80A68A5C1C03E90BA350E5479881D33E22D00D16CEE4DB9B01333A2C7A7371F4E253645393D5EBE7267A75C8DCF8808406C3D7661F2D6C5824F7B0FE045429
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:Unicode text, UTF-8 (with BOM) text
                                    Category:dropped
                                    Size (bytes):11883
                                    Entropy (8bit):4.787814045940871
                                    Encrypted:false
                                    SSDEEP:192:7wYTbw0qaWObwFqdFaIbw0Jb6b7bwFJ6Owbw0JqtXke:7wYnNWepakv6bfVOcutXke
                                    MD5:4CBF47EA4A2AF7509F91BE9D6C4D3DDC
                                    SHA1:20210C0ADC8F81033A356F8B5A8B1E586BF300EE
                                    SHA-256:8C7AB315A41B51100B2468BBA08B1FDBA523127F98B10A99AE84DDBF0C17DE6B
                                    SHA-512:CDD09AED451EA7C804D3F2390DC7B7DC753816B000102BEE337A7BC29DD3C039AC0699D2B8D7C6A97A9B9026F2990EC2EB0D66B1204B97C9310016D156158485
                                    Malicious:false
                                    Preview:.<XtraSerializer version="1.0" application="DockManager">. <property name="#LayoutVersion" />. <property name="TopZIndexControls" iskey="true" value="5">. <property name="Item1">DevExpress.XtraBars.BarDockControl</property>. <property name="Item2">DevExpress.XtraBars.StandaloneBarDockControl</property>. <property name="Item3">System.Windows.Forms.StatusBar</property>. <property name="Item4">DevExpress.XtraBars.Ribbon.RibbonStatusBar</property>. <property name="Item5">DevExpress.XtraBars.Ribbon.RibbonControl</property>. </property>. <property name="AutoHideContainers" iskey="true" value="0" />. <property name="DockingOptions" isnull="true" iskey="true">. <property name="ShowAutoHideButton">true</property>. <property name="ShowMaximizeButton">true</property>. <property name="FloatOnDblClick">true</property>. <property name="ShowCloseButton">true</property>. <property name="ShowCaptionImage">false</property>. <property name="HideImmediatelyOnAutoHid
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:Unicode text, UTF-8 (with BOM) text
                                    Category:dropped
                                    Size (bytes):140602
                                    Entropy (8bit):4.383491958546536
                                    Encrypted:false
                                    SSDEEP:384:dk6GLXEdrzrSA4GcB8zDtfNjOB7ZkZalLDuIDgwSDc1+pDtj5D1DuJflH5XdPpyZ:MvqxPcFSa3+t2GpqsqTXVWk2lQe
                                    MD5:27DB4A6857EDD664590C48F07D75A665
                                    SHA1:56C6DDA75C84C31D2937048CCCC48A459D3AE154
                                    SHA-256:9152713A86FE2DCACDFEBA08CA5669FD69A72FF5CF90D4C92E848F8A984A388F
                                    SHA-512:408A98E58E26A3E0E6009AA359D607AF81FBAD425DC78ABEC727E1F6DB46DCBD348C1BCA85744AC8F85794941589D14FE6E03B06722E60E8A91DF06951EC904A
                                    Malicious:false
                                    Preview:.<XtraSerializer version="1.0" application="BarManager">. <property name="$BarManager" iskey="true" value="BarManager">. <property name="#LayoutVersion">3</property>. <property name="Items" iskey="true" value="15">. <property name="Item1" isnull="true" iskey="true">. <property name="ItemLinks" iskey="true" value="6">. <property name="Item1" isnull="true" iskey="true">. <property name="UserCaption" />. <property name="UserPaintStyle">Standard</property>. <property name="KeyTip" />. <property name="ItemId">2</property>. <property name="ClickCount">20</property>. <property name="UserWidth">0</property>. <property name="ImageIndex">6</property>. <property name="BeginGroup">false</property>. <property name="ActAsButtonGroup">false</property>. <property name="RecentIndex">0</property>. <property name="Visible">true</property>. <prop
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:Unicode text, UTF-8 (with BOM) text
                                    Category:dropped
                                    Size (bytes):12973
                                    Entropy (8bit):4.776116560814963
                                    Encrypted:false
                                    SSDEEP:192:rL/qf/bvLbub5LbMLy3Frab5L27RLbWLifSnabUi4te:XqLebt/3FWU7V5fSqUi4te
                                    MD5:1CECC09D28D2742C393D73DF4BA32B6B
                                    SHA1:20C4EBE83F0D8C4D0EE8CDEDE6852EB7CD2E6EC2
                                    SHA-256:5735FE2D2FEB340EFD392DA6F344412B085D7828CE4831359706C8AF549690DB
                                    SHA-512:9F6A4133D95D84F556EE688DCD659D071913CEDB35F56A2B4C72A1EC87F46DCF95A0F9AF8929285C2D92FBFB390800EFC23BA271594FC03C595E89A22DC76771
                                    Malicious:false
                                    Preview:.<XtraSerializer version="1.0" application="DockManager">. <property name="#LayoutVersion" />. <property name="ActivePanelID">-1</property>. <property name="Panels" iskey="true" value="5">. <property name="Item1" isnull="true" iskey="true">. <property name="TabsScroll">false</property>. <property name="TabsPosition">Bottom</property>. <property name="ImageIndex">-1</property>. <property name="Hint" />. <property name="TabText" />. <property name="Tabbed">false</property>. <property name="FloatLocation">@1,X=0@1,Y=0</property>. <property name="DockVertical">Default</property>. <property name="Dock">Left</property>. <property name="Footer" />. <property name="Header" />. <property name="XtraID">0</property>. <property name="ID">b3971e8e-0150-40a1-b8cc-5870c2218806</property>. <property name="XtraActiveChildID">-1</property>. <property name="OriginalSize">@3,Width=269@3,Height=613</property>. <property
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:Unicode text, UTF-8 (with BOM) text
                                    Category:dropped
                                    Size (bytes):168319
                                    Entropy (8bit):4.380756081200017
                                    Encrypted:false
                                    SSDEEP:384:7IoK/Tk2xQrcAqugVM9Q3TCi+bls9iRNReqjwSGt+hRXOUaEmEKxb9O0WYWE+XZ0:6YJs45knsE6zOzlvVukbtNiyeJe
                                    MD5:FAFA34299A510FB7B6A16D9B106B154D
                                    SHA1:B4C7257EE44C7F963F84623931987A40DED4899A
                                    SHA-256:D9B9D8FB3FB31BEB2F37E3B9F0B82B37ED58708873D565A36EFA5824FCAC6719
                                    SHA-512:7E4F982679751694408D621FBF44F8D2D3470603CD5E6D1E4444D52F7CB691973A08CBEC3DCB68CA432E67B77F5E74767DB5535B4416D38E3393ED365C4BC21A
                                    Malicious:false
                                    Preview:.<XtraSerializer version="1.0" application="BarManager">. <property name="$BarManager" iskey="true" value="BarManager">. <property name="#LayoutVersion">3</property>. <property name="Items" iskey="true" value="15">. <property name="Item1" isnull="true" iskey="true">. <property name="ItemLinks" iskey="true" value="6">. <property name="Item1" isnull="true" iskey="true">. <property name="UserRibbonStyle">Default</property>. <property name="UserAlignment">Default</property>. <property name="UserPaintStyle">Standard</property>. <property name="ClickCount">20</property>. <property name="UserWidth">0</property>. <property name="UserCaption" />. <property name="KeyTip" />. <property name="ImageIndex">6</property>. <property name="BeginGroup">false</property>. <property name="ActAsButtonGroup">false</property>. <property name="RecentIndex">0</pro
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):89808
                                    Entropy (8bit):7.99795133269306
                                    Encrypted:true
                                    SSDEEP:1536:JVoZMygBH5PEtvHmw8nkdJXDTUgFeb+oXZThuGkdcsg69h4lUj+i8FmG3fpQhXYt:JVqMygBH6QOTlFebVXZTUGkdWKfjV4vl
                                    MD5:F55F31F87365B425AD2E9380FDF4A955
                                    SHA1:EB8803C178E437F12FE5A43FCB66507C33099BB7
                                    SHA-256:CC9B6C17290732646DF65DFE016F9C832F9FB650F2D7E36D22062D4FFE6BB4AB
                                    SHA-512:74187A669AC0E205B5F7B9DB29350C8A7C0AF8208C2AD7DD90C22E29BAC488B7949697EF13B0794F3CBC1DD337B61828616DCC8E9C021E97FFE43C7F9F31F018
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):24944
                                    Entropy (8bit):7.992065105427095
                                    Encrypted:true
                                    SSDEEP:384:3sXANRM+pIlXlWHOsYHmQssX5wUvFioDkOC09f3CZ9JTvNizrW/S+LCYKY8G8aEj:8RttlgnkIooL09fE3liz4tdKZmZt9mV
                                    MD5:DC991F2B06E368CF07B82831C8B219D3
                                    SHA1:11DAB7856056DC73FC76F80D576CFD3B12BD09AD
                                    SHA-256:8DA433619A129FA5DC11AC7848274BF3AF1CB703FBDA29B8B0A61961B44533FC
                                    SHA-512:0CCEC7CF81064CA47F6A43E159BE841EC166E4A804132492B711188CF73B3A048AA108DF751A9C6E32A420D5805DAE754E787A513800AD8A38CAAE609F6D134B
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1984
                                    Entropy (8bit):7.903226621688569
                                    Encrypted:false
                                    SSDEEP:48:vGih4kPhP+C+7oB8NMuRoa0sSh8AohBSD6j8tbIhlihiv1qIngn:v/i2V+7i8mzLJD6j8RIjYivEIngn
                                    MD5:FBED4678243C8B94DDEA2E87047EC0CF
                                    SHA1:78C44FA862421F423202E2DDDCA72142C1DA90EA
                                    SHA-256:AE6E1A15509364D3D7D0B630E0841355F2EAE2B4FBEB755AAEF20106BB975DFD
                                    SHA-512:E1C71F280D92628B5D7E65D0ADFBE6FCB67BF1572EBF9BA9DF2A67EBCCC82EA749C7E34C89F0262696B372350D789B309BF5D5E7313D2FA997CB65B3172451B9
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):496
                                    Entropy (8bit):7.583620008070925
                                    Encrypted:false
                                    SSDEEP:12:imCEDsgTr/PL140hVbFia0t5qFL/7bV6tR/s/RP7xDk9lTFZTMLq5UIW:vNDswr/PB4SVboasALTbQtW/RP7xDkXE
                                    MD5:9ADA5C672C3BEB65B61FE94F8DD4EAFF
                                    SHA1:9361A24BA73B57E46C92284B8C3756B511FFE307
                                    SHA-256:ED67F702C0C10236B75CC60FAD7C2E0AAABC35D51CCD1ADCCD8C1007016B2528
                                    SHA-512:B837C28C6D1EACBDF5EA7B598A0984C34A8F00FBC6A913231901372F4B0D496E058FB0083E2D15B3DFEF3B2587598507B605656B10241D352ABD03DD485B32BE
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):6896
                                    Entropy (8bit):7.978909687584445
                                    Encrypted:false
                                    SSDEEP:192:OEfDIpAmEJb8n1BvnJRHqhHG2VPrYnUrIonxTtv:bDPVJgvJp0RVuUZxTtv
                                    MD5:D83A8CF359A5D9F837E52A8F2684DBF9
                                    SHA1:4E0D161F27BE93E8BA525815E90BDD5AC792E499
                                    SHA-256:3E1CD7AE9F92445D064AC05126B9E108447CF84D641F789AE0635CA1E58D0274
                                    SHA-512:B3D040D6FE6F6AF8FC1A715552A48F9D257A756D3516C0C48495A9AAE74C7E130837198F0349A7AA527FBEA6577CECE090462CA2321C5619B65432ACAE7084F7
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):28352
                                    Entropy (8bit):7.9939485136602615
                                    Encrypted:true
                                    SSDEEP:768:gCb7v4YZkS7xhVHHqUfECL9oJp3uy5R480oWWgCbxy:a27PZHqjCBo3PK7oWWLk
                                    MD5:AB4B2245CA22BE01D01E9C3509C469F4
                                    SHA1:FC1A03DABF0B86AC8B65D893F053792D16A90CD9
                                    SHA-256:14426E2A0F93C2710A49F474A2948F6F44B709BE5525C0EC42BF7F8448680F2A
                                    SHA-512:2EBBDB03D0E834973AB9C6B9B1555C5F3B0A237613C016B1EF70ED270034051B8968123C730029A1E62A47675C920B48628ECEF676D329B9CC17431BAE2FBE79
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):211
                                    Entropy (8bit):5.171110677339082
                                    Encrypted:false
                                    SSDEEP:3:JLWMNHU8LdgCgNW2X4MKLbo6H50pWNtFYsXLKFfjmKcDJVmMCD0UW7zDNtA72X4T:JiMVBdmkMKn7DYsEfaVhUW/ANMKv
                                    MD5:855F17D7604B17AFC8C7A8C720F304A5
                                    SHA1:850477CD5D5C1251B5DD20DDC1B65B5E51CD15A2
                                    SHA-256:D626DCFF83DB62140A59F99D8327616B33FC74CCC63DBC79A97D1E5069232E03
                                    SHA-512:D8DDA9822AC3AB036882EE86061B577D3638B63ED16430B08CA441405EF13EA9D878F9A26F359E1B18E05C5D51965EDA7CC1454F21F634C392F53D5DAD734040
                                    Malicious:false
                                    Preview:.<?xml version="1.0" encoding="utf-8"?>..<SoftwareVersionInformation>.. <Alias>.. </Alias>.. <VersionNumber>6.5.0.2</VersionNumber>.. <Copyright>Copyright . 2013</Copyright>..</SoftwareVersionInformation>
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):483280
                                    Entropy (8bit):6.153243582041234
                                    Encrypted:false
                                    SSDEEP:12288:0A7evtKx2TDGyNXQ5RoYIIv6a6666/ENtGfVHbQlP:P7eV6GDGypYRD6a6666/ENtGfVHbW
                                    MD5:AAC7E95B2FF1624E899682AF088FFD74
                                    SHA1:24374C7FAE3E5C3BA24354ECBB7CF6DEDDAF6CB7
                                    SHA-256:6AAB0B8BDED2B5481F135449DA2B15AFBC16114E5CA4DB519F9A1A2E37CDF3A9
                                    SHA-512:0FD8B203DF1F918C58AD44DA1DFD3B70F550477C37DB30807A60E3943A55B8EB558B7E5BABA69FD9BF2C8F66DC71CAED756E84BF622C24C78D1E868BFF3F2FEA
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):701992
                                    Entropy (8bit):5.940787194132384
                                    Encrypted:false
                                    SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                    MD5:081D9558BBB7ADCE142DA153B2D5577A
                                    SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                    SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                    SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):271191
                                    Entropy (8bit):7.331925058869466
                                    Encrypted:false
                                    SSDEEP:6144:NTHYfUWAdbadM7eRMe8suEDqAecfDErjBT0Y:NuUTVavmTEzecfDErjv
                                    MD5:A4F812603A6D3DDE5CFF33D460B638E0
                                    SHA1:57032397F9E4834F3891BD01FA28ED6D9773CC91
                                    SHA-256:BB1D4688861A4984331020BCA870E0546C22A7C7C6B7013DDFCE46AED446B0FA
                                    SHA-512:268777F4B85213A5CC6CC2E4B2029909A174DB99AA0FEF29FD482B1ECC32AB3455ED83D9671BFD738AD024A380CB7D414115D30772FDF02A7C1438432033DB64
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):139318
                                    Entropy (8bit):7.900503114690352
                                    Encrypted:false
                                    SSDEEP:1536:Q20tw/fqLxI77gx+3Q6wNDKAZs0zSfkZFFqN1JzWpZhSVWo3F0z9Ja/ZpogcyPVp:QttJq5kKIX4UOPF0z9JyoryPcu/p
                                    MD5:513D61397239E19C1DD91DA9ACC26A2B
                                    SHA1:1257E2F4B9A789D618C5A280E31DFFBA04AF9449
                                    SHA-256:ADAA5F7CE8217881E1BF401226A16FF2C92521B7E8E5AF23C58AF2A76F89D182
                                    SHA-512:3781F75009521606D27DA81667F0C7B5848B11C9693BED7D202C2ADC1B7FB555DF3D9123F81C595F81CD973F6DA5FD6CF8B5EE6CACF38535B7B464B224093032
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):166877
                                    Entropy (8bit):7.9182011196458015
                                    Encrypted:false
                                    SSDEEP:3072:AB7GPGme17voHbEaghrY/8iyn+wRM228xkTtbaSfSXhE0UkBc544SE8c:AxGPReFvqbE9hG8wpN8xYaSqXe0UkBc9
                                    MD5:366CF01DFD559D5B393F75E351A9368A
                                    SHA1:CCF7A43A9C6FF9562FAE5F050193970141A3257A
                                    SHA-256:08AF956FC76E4A6596E937FDA15E1965D5EB9A03BB7896200E4782FA46B80964
                                    SHA-512:404609B5A79A1F48D09A23982077FA2392081653A271508D10F2C73C40946AEF3AD965D2A5A8EC105FD32C6289FBA94AB31C2D38A7F9530315BE7F017CCBD5C0
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):128842
                                    Entropy (8bit):7.876931219988963
                                    Encrypted:false
                                    SSDEEP:3072:wUZz3ipxOQHdO/XxlmPVpggM0Tq1g0HN9g0H+0Xx:j3iPdOvDaXggPTq1nHN9nH3x
                                    MD5:7EE496364D9E530C1FE8CBB4150B0962
                                    SHA1:E65536026FBC882509F913C1D3F7ECC60F6F27E2
                                    SHA-256:F03F9071C5E36B9750494C9C71A6648A065141F1B09C9674F62CAA8C437C373C
                                    SHA-512:6A61F37D843CD12D1CF688645D465FF61B9D05DCBFC7D9D6B6097B0FF22214DA9DF3F2D6CEBFE9C1468616D83EF767AFC9E162402C26D4F7FE49B2F1DA3F5BC2
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):118997
                                    Entropy (8bit):7.868767802568745
                                    Encrypted:false
                                    SSDEEP:3072:HtS0bloOse/LHZhkJuvf6JxMTDUcbZb6oZdi:HtSzG/LrkJuaTKEoq
                                    MD5:70347E92AC6EDAE9C28196456302E667
                                    SHA1:B52980EF9B3A528850C811AE9CE189AE162FA844
                                    SHA-256:99FBD94CE621217BC47BCBCB77A4810D3D37D20BC9215FD36DB30C1599988100
                                    SHA-512:7DED3A00D2C4EF567E331674BA1F5DA006A5173472FB6730831C1D872300A5B1EA243DCB32C07D4248AD028509F9E1D2380BD5A8D3FB10BB6E40D9F6B1941F7B
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):85039
                                    Entropy (8bit):7.85125155745619
                                    Encrypted:false
                                    SSDEEP:1536:MLk0h5s+dBBfjdvEKIfZlqoklF3+PowG4QISXMinqfohKBLvi+b:WNPpbdMKiZMoyJ+VxSX5UmKBF
                                    MD5:CC0708FE1895AA0A4DB1481CF0D18DEC
                                    SHA1:37E84B932CE5F10D46A9956404D74848950D0C4A
                                    SHA-256:43C6E121BFC35C098E5804F0D7C62AB8747CB70C220293DD41A3D7C59DBC3220
                                    SHA-512:BEA6DCB361C8550B7B3814F550427B9833748065B9B47F0225D2572D9A244EA0CC28A0685EBB0264C49066F104F48A4CF995F8C3060576F12D33826F19CED6DC
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):177091
                                    Entropy (8bit):7.932548893799598
                                    Encrypted:false
                                    SSDEEP:3072:ekVabKxzj0wYlFuysB9i9t7GKfsO8tdNuFzxzGpCM3D2c6:/VabKxzjhYlFuyA9IUOrzxzqCMy1
                                    MD5:917FB6F4DBA2D39F2ABD921E8CC174B3
                                    SHA1:43E7F984DB9BF07797E8FEE33DBE58995303749C
                                    SHA-256:5CA1A1F69E772CABEE6C6E30BFD78E71FD1C2AD4CF03A7AB4B32CA33606CC018
                                    SHA-512:98D36EDCCA6065CC67C2D86D6640978596310FF89CB7EBB1BF7E0F316582757890BBCED75F9F738177BF6B9C6069A8717145FFE5F4CCB662315F9C5E5CD3AC8E
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.7 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):4146669
                                    Entropy (8bit):7.998957552955985
                                    Encrypted:true
                                    SSDEEP:98304:PIBTrgMEPGvY1qHpWsopEMya/lPVkGPHXCBld6hGgL+TUSr4:Q8PGzL/M7NVkGPSBl6Grgv
                                    MD5:FDF703D039370531E015312357B5B689
                                    SHA1:9E95D6DA9A218054D1E00190F369E4ED462BD3E1
                                    SHA-256:D0CD2A185B889B62E3D64E3D9AB113D6C92D3EB4A87FA4F5165734AD558A535F
                                    SHA-512:49B39B7C27D471FA25D56A3AF88044CF9821761583AEA1CF6CA8AF3C84256B71DA6D283FC055133DFCE1216E137818E821BE76639F4AF78A3A20BE56F8216435
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.7 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):1201515
                                    Entropy (8bit):7.996745937046274
                                    Encrypted:true
                                    SSDEEP:24576:G3hlsclT3ph7ACCtsKR7D85g4gMngbu0Lt9bp0BNpAkVS7R:G3XscZPYqH64gMgaBNprS7R
                                    MD5:89D16B00D7E6DDEBBFA44A403DDE9633
                                    SHA1:ECCC0D1B4E6BD5462B1E2CC497553B04B221A347
                                    SHA-256:808892B39F714C2F0C1B7C7934216D9B6C71E90E24DDB3F2152457BDEF84DCBF
                                    SHA-512:C4557F5E8C7F37D69C6C9D0F80C8608950321FF7CBDDA80797196316908A84E09FCFCE9E0A7CCFA59B77C933239F26B72573780C4C49E72A555E2DE95899C147
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.7 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):531490
                                    Entropy (8bit):7.988002734173504
                                    Encrypted:false
                                    SSDEEP:12288:J9Emv4eK/KtDZbie/QEoBrBUkAqWaVZ+sSrXi6XCrl:J9EMLt9bp0BNpAkVS7K
                                    MD5:6EA3FD2408EBE0C3E7CAAE645FC9E36F
                                    SHA1:6662CFB78827CCA36F1EC490CE2E0F61A6B977BE
                                    SHA-256:675D5FBF6A3343B79477B0E59B2AB317B3499C05306336314D6873B93211101B
                                    SHA-512:BAE06AA7B7BB9614CE1C2E4F194045490D32D1C0FB1EF0CA7B0E3BC8B6D51D1096AA1A75BEE2C485335240C153156900C00620A54D3008E3CB1233DB9BD51CD3
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.7 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):606861
                                    Entropy (8bit):7.989782491078705
                                    Encrypted:false
                                    SSDEEP:12288:XzfHNH4m/Ewv4eK/KtDZbie/QEoBrBUkAqWaVZ+sSrXi6XCVB:7NxEmLt9bp0BNpAkVS7+
                                    MD5:F16F674E4EDB44CB99D3ADE081E86AED
                                    SHA1:9FC939B3A711C2A51C40DC0E32C7F71E50630503
                                    SHA-256:1AF33CA5555BBE6E1353FD37AB5AAD6C9B9804C6112F2E4320A337361EF641B3
                                    SHA-512:51198DFFCD107F261519974828BD4D8D69BCB04878318EC955B90191D1C80B98DCA233572A929472A901A192C2D811747FBF8B267366A649E1EB380002BCFB4A
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):128144
                                    Entropy (8bit):7.884327149095471
                                    Encrypted:false
                                    SSDEEP:3072:z4xWxi4ez2I7Vzw5ZTfXJeIGEuUOkqV4OXbQLyg4/v2P:zqjePv0IuLVrbQ+YP
                                    MD5:EEA7673C23DC9C3DBD7ED58D27BE2CA2
                                    SHA1:365A483CC2A7CB19551821EC972BC31890F63125
                                    SHA-256:F44BB31B251956E1139429116D79CED2956BB3AA13455CF7478717019C973A4A
                                    SHA-512:9C6313AEEC7564631A550C9CA086DC8F11D7B7041F4E5694871104CA5A5E50584E40CC63415E7D18B08688E8458F4DB9A64983062D7EFA59D30AF0727A87C4C1
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):229809
                                    Entropy (8bit):7.545877206908681
                                    Encrypted:false
                                    SSDEEP:3072:tT49RAJEjfFCZXkzLBY5OIe+o+93ufu3AQtcsKoOKzJYLw1Nb0V8SVJi:tT49RAKrgkL+N593ufcJJFOKSCgV7Vs
                                    MD5:65AA47098768937E64D41AB02181F10F
                                    SHA1:B6771BF3C4DEDFF17958A49B09B7598445B3C73A
                                    SHA-256:CAD4011BCB6C54D810841D6FD2CB4BBE9BF347ADCFEF4B009DF975D22E3D8DDF
                                    SHA-512:55B166D8692CD6985450E3FFD65168B76661D01EED74FAD020C2D8003F1162FCE30A1601662CB42E675A9E955BFC19FDEC015D3BE56288F42ED841699E6B2FE1
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):199285
                                    Entropy (8bit):7.941456484030578
                                    Encrypted:false
                                    SSDEEP:3072:M+aFc4R3yoA64Lcx5pJd/oZ+qCGhOzfbn54FHAtueGIU45M6VPrAD8kIhiZpWaUe:A5+FIx/s+aCTGyU6ha8FQ/U36Wq
                                    MD5:78CD6DF80BAFE0FB51B75449D9034B74
                                    SHA1:4D5EFC1AC709C7D50B0317DF463B15502EF04F8A
                                    SHA-256:AB08BB5610DB8D6A8FC4751245EFD49295A375F9039BD6C46DA2EE4C8845FA3F
                                    SHA-512:C3BFC8991059F6CDB0ED0ED2085BAE0D516E9F2B251FE2331AFC4A8FEF955BDA69D1FDD3D942E646C757A2CEE71E6FB024033162EA040AF4451E93F9BD0DBD5D
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):107428
                                    Entropy (8bit):7.849499681740413
                                    Encrypted:false
                                    SSDEEP:3072:QmtXwWKWcakhpAvlw9Vh9QbG8cvxMeyagLt5xWlqHn:QOwJ9A9w9VzQydvCpLt5xWlqH
                                    MD5:CD536D15AA0D84E7C75FC9FCCB559CF6
                                    SHA1:522F97754E84B5374611C7D35CE12A94F214790E
                                    SHA-256:51730AC2985D53043E92F54466052C00A3CEB50FD22420C003F41341F1B3B500
                                    SHA-512:D7F8AB79C5A578B0E6B70CE31DE1EB64902BBB6E8D375E68B0CFAA00E04043C2FC331C315F6DF92992AEC1CF80DE044B6F17D4DEDDDF6980F8695F0160C3BCAD
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):141736
                                    Entropy (8bit):7.829946404322489
                                    Encrypted:false
                                    SSDEEP:3072:2P6FCpYORpisDONgcdz3zYjZ2QwU0d74m0gFCQwj:lHgpwjCZ2F9imVC
                                    MD5:E50CCA441DDB30CA94C3D3CCFD463CD8
                                    SHA1:41A3EEB4DCE8F322629485FDA705CE82C0FBF40F
                                    SHA-256:80E327D31E9B151D61EFCAF591FB156682A12FA4D8624507AE3D250182952103
                                    SHA-512:76ACD91BD9F83C637DC436E0A1FED9B1BA10F2D6B6E770D59C6379A4FA71B6D4D2A332EB1ADA9AA61D6D13BB52C9014EF91688A89B2201175515913EB063EB18
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):83317
                                    Entropy (8bit):7.701870372082174
                                    Encrypted:false
                                    SSDEEP:1536:iK7vFmbYq5HYn+MQ9tC40vzVmk9YEFJ9uDJuVsrBCpsZX:v/4H+40rwKoZBCpsN
                                    MD5:E58BD940A9EC926FC6A0317D3F01B69B
                                    SHA1:81F1BB7D31CE39CEC888EEB67EA921710A7D8EFD
                                    SHA-256:7557A70E8C54D80EBDC72DE2B6DA198566B47EB7A4177F3F4973919E35186603
                                    SHA-512:4AFFF1DD84690F2B8156829A50B1AEEA174732DE77D1F6E24ABAC58F78BE15C5F8D816FB6D43E57643D9A38954C69AFEBB7D32609B0E1BE757A4699AC643C7CB
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):978457
                                    Entropy (8bit):7.995769660474603
                                    Encrypted:true
                                    SSDEEP:24576:QNnac74cfHmsrtP6pKK1EntiuKp45cOTo1BP5:QakCsQpQiB2Z4h
                                    MD5:7D1A18AA01FB7293C8F459289673912F
                                    SHA1:F033CD6338C0186FA68CE5C5BE086BFD3AAB7385
                                    SHA-256:8431FBA0023F280346ADB0B788C0FCF816D2EF1298A27125A10482CA4636F936
                                    SHA-512:0B09FBFEAB4082746F20D85FCAA9BE0552A9CA4F4D49D820FFBA14CE61FBAC52EDCF466A1E01EE8A22EF269AC267E7D952FBE645D7186CADFAC5CC075FDE9F25
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):955313
                                    Entropy (8bit):7.9956413724992546
                                    Encrypted:true
                                    SSDEEP:24576:qnacDchHmFtP6pKK1EntiuKp45cOTo1BPr:qaI6pQiB2Z4j
                                    MD5:36D425E1217CF7A7C9BF8F9DA52B9024
                                    SHA1:D84AB28676A26D53CE326BDA14882A34766E7FCC
                                    SHA-256:EDE399D190C40A25DB7B72F6AA657D4D34D61E48B7A2947DAD69BFA11FF11429
                                    SHA-512:2ADE67DC84C8F639E8CC75E44D21DB68B05F6ACC6AD2B4C193F01B486733E013A7CE8A7F8D345A988C0F056FF1502EAC8608708BE2C8772828E5A24B6391634C
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):1020953
                                    Entropy (8bit):7.995899412559434
                                    Encrypted:true
                                    SSDEEP:24576:Oy5Bnacd7kqcBHm/tP6pKK1EntiuKp45cOTo1BPq:OeaCQ6cpQiB2Z4C
                                    MD5:3D2AEB9EA62224A872935F3C738F704A
                                    SHA1:E2637C7547C5DB4E2B755D0206DB3E58CD3CC65E
                                    SHA-256:13607BAF4E4B60F79F53215018DD2B3EC3D2DAFD87A763C88650E67E5021DE75
                                    SHA-512:B065A948D73F65079BCEB4AD8D9806742CD7A90FD358C2D5248A205915DDB7E8AC54542E96DC4B27D5985339EC65D7C57B488A0B7EBA7977DA789958639FB25B
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):3003319
                                    Entropy (8bit):7.758442086366743
                                    Encrypted:false
                                    SSDEEP:49152:Q9fYdZVKYGZDqTRFgXu3i/Mxmg4+Q/g0B+Uc7NVLrPnnpDL4iSSK6+TVXO6dDXww:Q9+VKfVqTjgXu3i/Mxmg4+Q/gPUc7NVk
                                    MD5:78E107CA6FCE0678A4CA651B11B8B974
                                    SHA1:74F2942FB8CECF2623B4B47BB436AF932254828A
                                    SHA-256:17CDFFB01C18FDD0C50368E5023F3EFC9005E1FDE9D613830C72D7FE08601C1A
                                    SHA-512:3B9F351137EB708507F8928193B751051AC64832942DE192063653A61E876E694AE86FAB4B197002AAC2EFB2C9C506BA384B55B2AE286E20E6C486199797569F
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.7 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):513942
                                    Entropy (8bit):7.987042825688715
                                    Encrypted:false
                                    SSDEEP:12288:BEv4eK/KtDZbie/QEoBrBUkAqWaVZ+sSrXi6XgtjW:4Lt9bp0BNpAkVS7D
                                    MD5:6413AD212CE50B8AC751943D2792808E
                                    SHA1:B84DA3F0915AD006D8CF8576B203CD827A05DAE5
                                    SHA-256:2DD31FDB04AADFD203191D2C1801C25C6286073F774404049FF6AA10FEAE7458
                                    SHA-512:69690EACFFBF9CBB3A5B19FA59DEE0065EFC013EA918DC84B394314791E77F842A5009A53D06FD6374DC5EC02C2ABFCE310C7F30F48B06FE009D2F942827F8D3
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.7 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):642207
                                    Entropy (8bit):7.990843799196708
                                    Encrypted:true
                                    SSDEEP:12288:GcHPbW8ojv4eK/KtDZbie/QEoBrBUkAqWaVZ+sSrXi6X6:vvbWlzLt9bp0BNpAkVS7c
                                    MD5:4A7DBCDF8ABC68FC44391728430A8BC3
                                    SHA1:298433179BB9C5AA556D7418DD23BCA706A80951
                                    SHA-256:D2E25B96C703F52BD0E20E9B19BC150AC9568BE27AF13EDABA6192C9A213F7DE
                                    SHA-512:A9AABF715F9F0F7B7BE106A48E7B75D33DD95681F614E93081C15CCE79E408703D404E5607465B570F9AA89A76B71923D379D616BAE8A44BEFAC4EF069B99816
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.7 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):40509
                                    Entropy (8bit):7.776947763413212
                                    Encrypted:false
                                    SSDEEP:768:Up5oMEOrUqebsL9elWE8E7FDckNFQW4ngWPQFOJVqsfhhDwEMnuzA:UpuMy5ME/wk14gSTVfhhDrMnQA
                                    MD5:E83AE1AB08C82C2123D1128AA2A907F2
                                    SHA1:E287FA7D116C5700FD8AF7A88DECF1E5399FEEF5
                                    SHA-256:7F8027740561C30DB05F9D9D013DD11900AF4D8FC0C7D83CCE1282051D4E5289
                                    SHA-512:6E92C670F32A510CD4C45E1B16D2BDC1010DEEA45A337832CC1C540330140AF1E4FAF766B3DEDA2743986614AE6CD6A53C55B68CE52D740DBA026E4009C79356
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):106603
                                    Entropy (8bit):7.840028237607436
                                    Encrypted:false
                                    SSDEEP:1536:yvWvelLTdoW+fuhpr+UvvTz6/QtEHz1p3ZxsztmJ+0Qy9AiNL7n13JsjDFtTvtoy:IvoklaAE3Xqtms0Qy9j1p3+jvOjoNb4s
                                    MD5:B6C726B20718CA0132305896C3165881
                                    SHA1:D3199349E10DF0850561538ECC80A6AC41FCFAC2
                                    SHA-256:F66BA70BAF3AA67A492A4AC334DCCC5A3804444302AF459579F612F337883ABA
                                    SHA-512:A4EC4C6FC1B6B7B57F6C0D20D0B9240C5FD4A10F56E1CFA1C9BA76377DBBDF210AC4E5716ACBB3B8BA5DBF6CC73460638C29A33980A477C70BE92A05BD84CBBA
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1252, Title: Settlement Agreement and Release, Author: u40as36, Template: SettlementAgreement.dot, Last Saved By: u40as36, Revision Number: 4, Name of Creating Application: Microsoft Office Word, Total Editing Time: 01:04:00, Create Time/Date: Mon Dec 12 20:17:00 2011, Last Saved Time/Date: Thu Jan 12 18:10:00 2012, Number of Pages: 1, Number of Words: 2004, Number of Characters: 11427, Security: 0
                                    Category:dropped
                                    Size (bytes):49152
                                    Entropy (8bit):4.109705261583923
                                    Encrypted:false
                                    SSDEEP:384:f4H0YxgeCJeoYV5/zZgSPqSUbKIL9k5SE4mQU49P:kIe1/zGSPqSYLx/P
                                    MD5:7DA1F34A7D6FDE1380D1E0E31CD58D25
                                    SHA1:85913D1604F35252ABA848DA3E41EED25A9469EC
                                    SHA-256:4D0DEFA6648F1537854142D30895604E54BADB6A92996E7364E397E02985BDF6
                                    SHA-512:7A2891F5467BB1166D296FF3EDA969F5788AB8E9148E6D514AB9E4A64124B4238CFE88069A37B846534988C1910AD42070EA6B5F0CDFD2F02138B52280088327
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):272888
                                    Entropy (8bit):7.880008251251087
                                    Encrypted:false
                                    SSDEEP:6144:Qq+QMUb8d4/5w2PI81H3bYK8/qMtR5utY2mdM7eYSwtYehyjm:v8d422A81H98/qMn5smpi
                                    MD5:9819EF945A0A41379ED505DC8D56D81A
                                    SHA1:0F33220D5309E803F6B05553B1CDA67B1F6179AA
                                    SHA-256:AC83C881333B05FFAEEA77115C840DC644E35B00EA9E8781C05083AC42F38073
                                    SHA-512:DDBF9775E09C4FAD190DF713FDEF1A8D7660B7DC1EFEF6495E8F661C6277D6A2F1E03B9862133B9C89A5D7DD8321D0C440711EBF660D46ED12E83528552C0893
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):117222
                                    Entropy (8bit):7.879255865935963
                                    Encrypted:false
                                    SSDEEP:3072:f/tvlkhwYklB1gTpW+ZCk8FJU1fa7ZBfT:3VMwVlCk+ZQU1UZB7
                                    MD5:1851C59818FFE86CA64F30D83FB6EF71
                                    SHA1:C2F36E64CD566F46688466FC6C4F019D73017E59
                                    SHA-256:48188F3B1CA3B0E7B2B53EDA3EC70A7BDC11A4CA43E5C46801DEDA29AF64D824
                                    SHA-512:6BF614659FE05C9F402787A3DA291542C4D27F6A567B6B413A76C551361F61E6CE78CC1E9FD25B6AB4A97F9B96325ADF7CFC1DB704A28FA93E4DD3600C1A6CD7
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):106891
                                    Entropy (8bit):7.8977765803911995
                                    Encrypted:false
                                    SSDEEP:1536:sPfUe3gDAoKV4HOQMuwT0GCxuDS0/EJOsKMTBV/+XIjAK5FpQYYn1F5oVnxyQVdZ:he6bTRoFCxutsFlbEIjA4Q7n1o7NHd
                                    MD5:405079153FC0FEF08F43922288B04BA3
                                    SHA1:F81ADC9F54FFAAF520FBD4416F3CE89F4F62E100
                                    SHA-256:B7472EBCD5347F5ABD5C1F748E06C2E678A761D20784A6E6CE5BFA87AF337BB3
                                    SHA-512:8A0697F1E15532671CBA518FF2ECA6A72450F736123E9A64E8598433B4FE498E4150DF62B7DE7C615CC1648F95B59F09A0009259838239908C3AFC3A4DDB1A3A
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):139300
                                    Entropy (8bit):7.895360517616584
                                    Encrypted:false
                                    SSDEEP:3072:+dFKSyBPRrwpSCqxzrtV4lRr4/u/wToKLhm08sAtcRJ7idJ/urRtvK5cx:+nKSVSC6vtulR8m/wT9LosAt8udJ/YXH
                                    MD5:E8F2CD3851ACB7EE2D2BE87054765BBC
                                    SHA1:5863F4ADF0506833C89618925C571E9ADFDEFBB6
                                    SHA-256:270E6913A53080BA0F77B1F4F4D21864D2D2F80D40C2BAAF6E02EBB8875D6FAF
                                    SHA-512:084C4DEF0C2280025F5C51DD048831A723B47ACBD2CA93A985082F3515F4B9C5839D2A669803A32B6C44B9160A0A4F70021FE27BEDB966FD2C52D797681183C6
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):128788
                                    Entropy (8bit):7.894479216888567
                                    Encrypted:false
                                    SSDEEP:3072:nWrmIaEC6s8wL58II/x7/Emp7y1NERCANJSsRx:n9RLy/pM1NGCoSI
                                    MD5:B7DB22A7111C1FA3E30395F8FEB21703
                                    SHA1:E8CE2382547F65E2E8327171C751E8FF7C0641E6
                                    SHA-256:3B75D91805108B8F9288C177A84964117B1C8687D223EE62A6B231D7F7DF52FE
                                    SHA-512:E89AD388024B0F1AFA08CD1BD3FBBC77303B71DA08A75840F7C02228FDFF8E3537CEDB10FBCE7F4F8308477039A5CD27703EFEA32EED20F54F7C7CFAC2343228
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):227745
                                    Entropy (8bit):7.536509643577292
                                    Encrypted:false
                                    SSDEEP:3072:yQi9aMs7XfNYZfqsbyGzOBo1jNqx4u6P/S6teaspSk6UWbeTV31tXOV95V5c:yQlbfNYJXzIo1ZqnutRk6UWCTVnOVVK
                                    MD5:199890CFAF08226FF6B4CC3329A86405
                                    SHA1:0D70372D375B295BF7BD54586A0CC7566D2BD7D5
                                    SHA-256:D09C14BF997E397C9732FA6796DB573026261AABB6AE01FBE5D683FD9DC727E3
                                    SHA-512:86DD9A1997A29E546A4885DA63FCD392CAD0F9DB346FC8331ED26765162CF18B19826A11396CB99240E5B6AB10F4B99FF752DE1E79039D371FB6BAF035DBEC57
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PDF document, version 1.6 (zip deflate encoded)
                                    Category:dropped
                                    Size (bytes):251943
                                    Entropy (8bit):7.604878287735513
                                    Encrypted:false
                                    SSDEEP:3072:fea/MAAT3vRSoGdxiADgITsVsMwuURRBIv1rlIuXF6RiXcTRiHB6jpmbn5ZKwb+:feb8iAcITNMsHBslzQCcT8HUpWZKwb+
                                    MD5:6FD7659311D60AEC031C256CDFE786DE
                                    SHA1:A5421A9A85D8952FAEBE2697F34E1E03836AB0E2
                                    SHA-256:A1F7D094AEEC942212DDE9BCEEE6DC152EB90660D428CAB4731AC30B2255A0F2
                                    SHA-512:52D5267FE66799DF51BA4DD5668FA0EDEC878A34B783C9FEAEEF6802D9A65771487C216C18476E6A50559AB8B7ED1CD3595911656AF59FB6251095CCCF0C5EA8
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):192
                                    Entropy (8bit):6.839865365169284
                                    Encrypted:false
                                    SSDEEP:3:tpe8vBnGEN82pzEyC9csmFonXZVtqQSp8DdmuzMP4dqJvXF1zl8jCueE/VlwMr6W:vjvBnGE22yvc6pVtbTkuzMP4KF1zlyCM
                                    MD5:05DC7B2D6F59A32DF9756CE137ADDE01
                                    SHA1:5C1BD2BC88C5123B9E951FA45DAE0037643F09C5
                                    SHA-256:C488AAD485A3D5BB3DC5FB23587115EC7679B4DE27FAC9B22EE8AE801E462B96
                                    SHA-512:FF405C763CCADE71B8FB1C943C10DCF70BA4CEEBB3F87ECFA6BD18A8BF4516BC254B2188323D5030449760E85C2E7BB0B340D0E3B02A2588F046F339D79ACC6D
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):176
                                    Entropy (8bit):6.875374871367582
                                    Encrypted:false
                                    SSDEEP:3:tpe8vBnGEN82pzEyC9csmFonXZVtqQSp8DdmK5J4ncYI6vUxeu+Dz/pcl7dzn:vjvBnGE22yvc6pVtbTkKL4o6vUpQ/pst
                                    MD5:8237CFDDECA5941B3A9E1418D56DEEA8
                                    SHA1:9CF25B70FE201C8171F28ACDCF5B9D14EC5D76CE
                                    SHA-256:8D54162C9AD0DE9D332A3C19F2879BBF6C4C44C2179219A09CB5DBD256095D8A
                                    SHA-512:D721CB5722DA4590E88D250F4A47354C59F56741D31D318B785C59A1834B855C377E020686EFBD4C983FBF89DAC9783F1E96FF4A7D7FEC4FB040465BCBEDC949
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1664
                                    Entropy (8bit):7.896648900445802
                                    Encrypted:false
                                    SSDEEP:24:Ti43H6roglgEW/ihIjkI8YQAk0HQFQkScnoJg9XLZL2tXXBjSmkm2zGPtrFGfsWm:T5aVlgEl4C8HkQkSksgTL2tnBNkmJrr5
                                    MD5:BA584C91B230BE4CC4B5B91153BA3967
                                    SHA1:5705D32DF48DB538E13EB4697256D54D0DADA062
                                    SHA-256:C423D3BC64616BA1BD7D563F7FDEAE2A469340D53312373F6D886CFF597A6D0C
                                    SHA-512:DC549585F49B95ECB24CFC8931225BA8679898C23A196E00D8E3E1A56AD287D3B2888324E6E80C58F73A595F409E715A32037A08B447204698CDC23DAA8C7E87
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):5952
                                    Entropy (8bit):7.972051077333097
                                    Encrypted:false
                                    SSDEEP:96:1tRbwFBfGVBOnVlSfsVkSqnW86xb9w0seHyiu65088BVQ3mifSYFox6/DQMfk:1tRkFBuBOVwfsInW8P3en5v8Ba3SYyEA
                                    MD5:04287063BAB0958C0CC2CA6DFCA6102A
                                    SHA1:20909D5665C5E3FC578B51BC583780E6F104DDB0
                                    SHA-256:9E36214CCD2D3D57A53EEE5400FB74D5E0722C41CFE1D7B4871BCBA741024ACA
                                    SHA-512:1E2B80A36683EA3331905ACBD9E493FADF7A2E26F113B3FF671D0E37BD737A4B0CFFD6CB038239691224C138632E7C30A1DED63B11BE719C098B3D6052FB95FB
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1824
                                    Entropy (8bit):7.884898632562404
                                    Encrypted:false
                                    SSDEEP:48:TLwJtnY+NYgmbTAasvpQD8ZYmj8SMo05YZ:nc2+igiHsvpM8ZYmj05YZ
                                    MD5:E772246DAB9DA271F0FFEF56F0AD8193
                                    SHA1:686A5753FCBFFB8F18B233651844E30AE130D488
                                    SHA-256:6A4221AF6C6A7B86E699FFE7CD68EC346D4AB7D0BDADF253515D6FC374220AB8
                                    SHA-512:DDAAFDBD6B83085AFD10C76ACDCA5477B6D47BA3369A03DBFEAF8DC98CA24CF886006B988F15B7687E9BD91B393A671FABD7C977DE7FF26E32942E7BA08E20D1
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1456
                                    Entropy (8bit):7.857431401205709
                                    Encrypted:false
                                    SSDEEP:24:TTAXzaPbBzca4AHUGAn4LWxK7hbY/kM2qdG9mFLRZ9bNtwI1X0s3eGcbcTZMyZCc:Ts+PbBga4AHmtA7hmkM2qzLZ1840X/cB
                                    MD5:B0B5D962039934617B505BAD1B3D4112
                                    SHA1:6CE64B69F873CBFA2F05E659348B708017650909
                                    SHA-256:859BDD250F6011A6497C7AA0587012AC3BF4D4321A6B92E27F94B97DB2FC58FD
                                    SHA-512:F93B1186436554F26D59A04402AF14202A3679D1EE9A8F48E1998108098FD5DFEB60D5DBC1A8062F99585092976DC193052A587FA229DD2ED40A4E3E9CBA8253
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1504
                                    Entropy (8bit):7.864082728758728
                                    Encrypted:false
                                    SSDEEP:24:TDzQo+6tIwJ2mbSQ816qerQyJKosQJqktC2gqtYuh2qQQb54bwMvqcTKqvlMJCXi:TZum24rQK9JZ9Fh2WbowGBe+leN
                                    MD5:484499E57C31569D7F390C2C356E3349
                                    SHA1:A318EADB75D3C8C778335446AA58A2D6A542A9A2
                                    SHA-256:25BC17A7C9FBC5E7F6EB5110491F67FF14E91D753D1892EB5C706BB6C4017514
                                    SHA-512:ABE8D6070D2D85ACE427E767F72DA6CBF73F12CF3E1E33863217DD56FBD6C0481964FEE2DEC420892F5DE4FB0E025F2CB6D479A710F7CEE65F3C0C8E76B4601D
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1728
                                    Entropy (8bit):7.874996185032126
                                    Encrypted:false
                                    SSDEEP:48:TqxUtdbVtCoBwHdGuTiAEyLDp7sQV2oCpe/UYklT/nVnVU:uoXkjHdpTiA5LDpwMCk/UY6RnO
                                    MD5:8DECB62C04736AD45F92D52AAF18E650
                                    SHA1:DD426658AD93A803F64940CF22F6E550A96E7661
                                    SHA-256:97030FFD0B00B65F27D290250B30CF4D548072BE96334B200FE94E9B900D1727
                                    SHA-512:F6B7DCDF1B50CBCE7FF0E6268EBB98E27D31B95809346CC25E76DEC55E89238D0CEDC02C9D1AE7F0490C844B45316DA66FAFCF99652E141F07C80F428DEE5779
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):128
                                    Entropy (8bit):6.607307324168044
                                    Encrypted:false
                                    SSDEEP:3:tpe8vBnG9Z7hH4+s2yvqhwSuIx3xFmdiA9TwdYTwszM2OCcpn:vjvBnG77jXdhpx3yFKYbftcpn
                                    MD5:D329D2AC0012594A57AAEEF560742A11
                                    SHA1:9A7507181011D1D22769F8F67E817B7BDD38A322
                                    SHA-256:B3DB60819217A07D2F6BE8289B7A3F2376D00EF9AF93BAF00BE1E49EA7BB4D8E
                                    SHA-512:B298373DB17EBA34EC44EC7814FE23A11DE16777FA7B267B06DA05E982E36DB6F7C46F6838723B07D8F6CA19B098907DB645AC505C038266152B725BD2279C0C
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):4224
                                    Entropy (8bit):7.966391536523057
                                    Encrypted:false
                                    SSDEEP:96:MEc8Ugz+3gEcHFNpa9LvpqEjuo6fldLNGesuP+lz:MyScHToZuvZfDWt
                                    MD5:57F52A4CF8B55E0C8EB20C16E9DBA510
                                    SHA1:A0AEEF35F11DA8A32AEA2A2C95EACA1C385CFDD1
                                    SHA-256:0C684AF428311EF89EAD062950F24FF5CC771231DE39BA6A4197C9FA3058CB8E
                                    SHA-512:89F82F85D793BC44BDC62F70DA2A93E0386594F82EFBBB9A92D0BEE5099DE85FBB2AAD6FD9F27C390A7D1FA8B4C4FECE7BAB43173542D070529AD82196B0FFD8
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):4224
                                    Entropy (8bit):7.946967206386865
                                    Encrypted:false
                                    SSDEEP:96:AqNdCgOwRxSrVodewIb3MkiliHuFqa9dzVgqub0XbZhzFTt:CbCSeRIbckWFX7zyqMufRB
                                    MD5:7EE4C2C930E1AE149E24A97F938208D7
                                    SHA1:F376D55F929C644210ABDE6CF4E8CCE67A3ACF7B
                                    SHA-256:70E938C19A70431CED4734A807EE087A3B9359951DC815862961E7A9A7182A65
                                    SHA-512:2F2FE58A3B738B514EF9DF810F4221315E50B6AC72DA4C6E11EF933E7D509D66041C24138FFDBD0DAD66346338F664C098F230DBD01F82B269115283BAAEF2F3
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):176
                                    Entropy (8bit):6.89253140550766
                                    Encrypted:false
                                    SSDEEP:3:tpe8vBnGEN82pzEg24fPuVCqmfwS6zVaToNRdslKvcuILYnXmsUcWYjZrn:vjvBnGE22yZS2VCPfwS6zPR6lKvcBst/
                                    MD5:961CECDE60C457AF8619FBDAEAB3E01E
                                    SHA1:6D0568FDC7F0DC0BD53A41A17400818F2FD90F1E
                                    SHA-256:6A7182E5B6BCF8AEE05BB78B12CDC0B85A31B383C350BA68AAB67CE0941318FB
                                    SHA-512:D60712AAC20EDABABAB2070F109B03341491DB9F3531B1A6F05664FD64E1C138175F55E213C647CA2F17611F7F57DB7534C9B99FB62C3BFE2A716EE8AE50642F
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):192
                                    Entropy (8bit):6.944890349733767
                                    Encrypted:false
                                    SSDEEP:3:tpe8vBnGEN82pzEg24fPuVCqmfwS6zVaToNRdsOy1bsG292oSMm7QaZPcMXq:vjvBnGE22yZS2VCPfwS6zPR6eGSm7POZ
                                    MD5:B939C4A7E8CC6578ED4815A4BBF6D320
                                    SHA1:72ABACCF0DCCD36C2479A8F51F744C66B69C4B0B
                                    SHA-256:0950C122FA542865B4E932CC6E33E8C7D9808044956977CEC8391B3D3F5E27B7
                                    SHA-512:B5D4F510401FC2DC4996018B605CD101F4DEF6C7ADE042F43F0B53D704D3087C675164EEC4F8C4D2DD1CA5E6098D467B4ABA2F95897F078C6D01D50B64C2C85C
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):5360
                                    Entropy (8bit):7.9611878984666165
                                    Encrypted:false
                                    SSDEEP:96:j95FMKQw3dtQ88IL68HyzLL0j6o6lKJ/V4KTdbJYIbK5PyHHAns9OJhAR:KittQ7M6Uw5tKJOkdbJfAyHHArJeR
                                    MD5:092A2B682427827B85FF3FC51F5D6BD3
                                    SHA1:4C4989A20CBDEEA15021F6E29465C7F9FE761DF5
                                    SHA-256:A4CC9FF2CB99824CDBC54D814C97B3738D01D22DEF5D08DC3108625A50FE2072
                                    SHA-512:E8BEDD92AC60B63290F6C6CFE148BC4954A88976CE32E129DFDE2C759520A0A96412CC7A7D05E135DCCE2884C8AA27C175EF3A180B14A530BFCCE9627800AC12
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):5888
                                    Entropy (8bit):7.9683794143328655
                                    Encrypted:false
                                    SSDEEP:96:30cq694+tRHxJhr+9eMx1+Yx3s+lG9Uv9up8me8JZXc8wvhTLI:ft94+tRHxD02Yxpg6v9up8me0ZzA5U
                                    MD5:7B54A83468FB45AF25DD66BAE4AC415B
                                    SHA1:86A2521DB7E32B059ABDB0EE7929CF0CE01F520F
                                    SHA-256:E4C52797057AB1E18DB6A27AFC9EC1A46E8B0FB7E82462769DACD16735BB2062
                                    SHA-512:8929CFFD9B87156EB8967ABDC5A58DB611CAF44DEE3CB95A5B5971118056208E080B28A470212A3DFC42DF4410329E25B6B38459C3BC6E2CF8776CB325572B80
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):576
                                    Entropy (8bit):7.630517046277045
                                    Encrypted:false
                                    SSDEEP:12:rvBnGLIbwuYLwWAa96EV4qqK1b4Xwe0HaeNYAUKhS4W0HzafGThhB:TFbDkH14qi0NUanTafYp
                                    MD5:E27A08A859CD0050DC453E52E0778D1B
                                    SHA1:F6C020BEA1A21E707156FE7A85116E1740DBC09B
                                    SHA-256:95C5A05985A92DBDC72DFB93D6773E2882A172CDA7E6A3B7C77DC81BD1FBA6F9
                                    SHA-512:7FF2B7104A3F90166F42514F0EBFFA1236E4D84DD01863B261E50E7170E233BE9AAD5B0B55F5D5E6839B339EA3051B0E6D8681A108E2E44CA36A91B9065BCB8E
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):608
                                    Entropy (8bit):7.674078606755706
                                    Encrypted:false
                                    SSDEEP:12:rvBnGLIbwu24l2rsC71xDSdHoh+iCuY/ikGPZ24Zq2lnewL6FJpuOTap:TFbD24ErsC7/DSVo5yqkGB2EqunBGJUR
                                    MD5:B603BFB8F10F0A7EF6DFBB8CDF14AD55
                                    SHA1:14B1193B3EE486582CBB751A15A7082DB3623172
                                    SHA-256:2C12D3A45C110718A9AF12E3A464EC1F921F25F8FD26E4F7E10D5BBE1B25FAB0
                                    SHA-512:BBE82A05770C5C611DFDEA31BAF53F6BDA87C0A4D18EE45E46C2ABBBFFDAB9ED07232FC4D36B4453E82E0424C8A7940203D0E77C32D29F63A3DA2009CF2C4F8D
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):5264
                                    Entropy (8bit):7.960983393855239
                                    Encrypted:false
                                    SSDEEP:96:HpXzeBPXVWatIfRmGxx4PXRbbeYqshLyCXgH7Lkd8SceTafgnkvWQmiu:JjWPX0a6fRmGX4PXR3WoLTgvxerkvpu
                                    MD5:288BDB769705C4F8285313FACE926C70
                                    SHA1:DE9B23F12300B6DF1081E75C8E608FD800E354F3
                                    SHA-256:1D998E38699B0495789F62C62A83D7403A8B304EAC5F7119565783F9289C8161
                                    SHA-512:6D97AD3AAB56E32D7E763C6A3D8A28B9682AD34BF77CD7D3C1D0D8BAD62549157C78846C687033C694B0442C06E09418FEF1AB6602EE830C5806CA97E4B2675A
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):1088
                                    Entropy (8bit):7.842389824791204
                                    Encrypted:false
                                    SSDEEP:24:TKId8aT4gXwyMlrzdHD8AqspjeJsXFzO5McRe+CfaFI0JhbwCHyyr:TBd8alXwySzdj8CjeJsVzWre+XjHyW
                                    MD5:47761827C98ED110135BE934F9EB089D
                                    SHA1:B51AB8B99FBC5DA13C0B923424F42A208549F02B
                                    SHA-256:7AF4542FE21865219497F045DAEA66AECA201EB152E66780E6CD3261CD7280F0
                                    SHA-512:0869AE0501F1604FA987383DD7BA0B5C7F07D19B7C63E033C8219DE1DD75766BDA0CFACC2FD3CEE4B251922707C994DF88630C4644430FD29703284FDB8C4661
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):784
                                    Entropy (8bit):7.776281204177369
                                    Encrypted:false
                                    SSDEEP:24:T6aS8UYQlj0lPQIjb/0B0qGtMv6Kj5HY12EgQ:T6a3UjqPh4ktMtdHYYPQ
                                    MD5:A92DA09D526794B7979B5D9A23541DB0
                                    SHA1:8E1A07DA86D6D33086CDDA3F36399FFCEDE9CE93
                                    SHA-256:3C60C0343DC7CA57BF7F6F01FF9A7866ECE20EA0E23D81C542E18A944F65D223
                                    SHA-512:F6E9781241FA1308AC4E5BF0A5375F2A3535C067B2C0E95350765543D1FBE8C743BFA985419EB1F4B17F91468237D685F3087C1BDE205F7E2FB9A8288D1619EE
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):784
                                    Entropy (8bit):7.77581981832733
                                    Encrypted:false
                                    SSDEEP:24:T6aS+6xnbtAWAqRy9BYA2UlV+psIc/xsFcP45o2ba:T6a56zmqVA2+YpYiF245oOa
                                    MD5:6E26A8EC445F91D6FE9EB1B887720244
                                    SHA1:EF0FF431C8AE41A6F9E188A8965BC516F6EEF1E4
                                    SHA-256:693BDDB24CDF2B22A573586B4A5BADFE749255F7CCD5851478C462E8DBC12D8C
                                    SHA-512:BA7B1E90261E36BF9DC109AB001C8395EB0DC06451E44331BA6DDB02DF98B33F67A3FB1D29397FDD5D5C436AFF81C7CCDD3BBA3416276E71806C3D56514D6CA7
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):19920
                                    Entropy (8bit):7.99118613297588
                                    Encrypted:true
                                    SSDEEP:384:Fj62W0CkEM27U/wT7nBfz0wh8PMt3sLig7viWdlDTDUVYi:U1kE/7UKwjMeuAiWdlDTDUVYi
                                    MD5:43D46D4229B72144340F7EFD1E0BEAA3
                                    SHA1:9AEDFBBA88741C5C3D0542E869B82A2095D47991
                                    SHA-256:D7CDC4CC2F9607FDF23F020DB95B3D76F39DA12B81888556391278E0F46233BE
                                    SHA-512:607A0AF2A4F18C1AC90B347133FE165DF78922F883424A61CC4ACCE694AECB511E66836D4EAF60A0D85B739BE399869BDACE8EF30469BF227632F19F92354C89
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):848
                                    Entropy (8bit):7.779442681470254
                                    Encrypted:false
                                    SSDEEP:24:T7e5ZjWH+O0waTKsVpEcJc7ug6p8dIvL2aNug5RJ3poBGSjg3E:T7e5ZqPsVpZ2/Q8iSaAwsBGc
                                    MD5:730AA938D19893A4992E09D68D2EE06D
                                    SHA1:33A98EFEF4542EC48D7C8559912E6EA3CC5BF7F2
                                    SHA-256:67DECD69704DD37CFCA29C99A64301139E965AAC787909AA48461683510BD6AF
                                    SHA-512:B5FA15EB4F33F0A1A578E0C1E3C0B353E1CA10B25085C7C83F75BCABB5E1DA06E89B4DE173E34C6FBD15293897AB299BC1ABACC0D1B5EB664F6A65E84E9F87C1
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):5008
                                    Entropy (8bit):7.96662951371874
                                    Encrypted:false
                                    SSDEEP:96:r91VPuv1tcEOPaEUewvE1tpmTb+bsILzQmONy0VK4/IVJYNDlJA:rnZue51jm2bsqzyNy0c4/IfYNDw
                                    MD5:089187171F5B0B2A68ED66D1B4539A79
                                    SHA1:BA984E38DEBE3FC7569660300993F89FAC752981
                                    SHA-256:4EEF53CAD9750800E2B963D5943AAB7FCBD302A8AAB53D7CC781C7DD202A5AF5
                                    SHA-512:4367229B0C1BFA773B28B002DC1B3EC6F9948BD3AF8B605E6A234E4E0694633349463DE8721BB8B428CEA24D7E317040A3EA2AE9BE79B0D42A0F96825C7E0DFC
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):784
                                    Entropy (8bit):7.731056890248617
                                    Encrypted:false
                                    SSDEEP:24:TzXO6Z0OkOG9SVc96hUgizrx/wy6peiFv1OR2:TzX9JyXwi+y6pQw
                                    MD5:01F441253D51C16F41D739C5FC196CCB
                                    SHA1:C40A8C4D53207D496A50C096EB8AEB79F8961139
                                    SHA-256:C33362DD447FD76602A9E1891ED537DB8091267320881C08F82B6343947CFF97
                                    SHA-512:F8FE7FF6A3F474A2FF569660C3F902DC506455461766866BB5225B67B8A354ECC0BCB82379F5CDE5A6988C5072A7316AAC714B28A9431B8F231E4B1497380BF6
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):800
                                    Entropy (8bit):7.7337241383573785
                                    Encrypted:false
                                    SSDEEP:12:rvBnGpgazKLRGIlUqNYAsEH0OHig0fgOZ66DUJKUqU/O8WMV1SCoe3pMxNMcaejg:TZVLhnUkB266+8UEMVMreyRa4HA
                                    MD5:7A06DC0FE5C0067289E2E00931AC47B3
                                    SHA1:797E4BFE4709103EF00BE785801FCEA03563F4DB
                                    SHA-256:47E8F2481D136F51F5AF6E8D856436E4211BBBB25E18C491A99F403B09516416
                                    SHA-512:5C606C17F91E297D22AEC544AA7B3E16FBDCECDAF6735F9CE480BE5949754F3F29A2DC43EF6736A0FF48E08227DE1A8AC1AF3346219B127B8DA0066000CAAEBE
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):880
                                    Entropy (8bit):7.778116163584163
                                    Encrypted:false
                                    SSDEEP:24:TZVLhnUkB266XLehsuJi9bOhJFQ8AnStn0:ThUkYbevGbOhJXt0
                                    MD5:E58D05293A5DF238620FF47149429BC4
                                    SHA1:2E6892261A9D80363CFD4B83E8A15DA407E9B798
                                    SHA-256:E7CB955944D5FE73A4C4CA81A8F9C4B88786D2C0E978CED55A3AB401C5A911D2
                                    SHA-512:C5849C5A90C9D7C2C98A664D5DA0310F71DE5C971604FCBE98A4DABA5CBCC3A7F72F040624A0E86296D00694A05BA10C8C211BF6981FC079F9631A04895BE57C
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):864
                                    Entropy (8bit):7.771458011084996
                                    Encrypted:false
                                    SSDEEP:24:Tt5ANDTmC/o6cQP8dSarX7snDqOK9c9RqusRU:Tt5GTmCA6cQPEXonBKavl9
                                    MD5:F6AEEC9D1CEF4C6840C42A95CAAD9115
                                    SHA1:B5CAD02DB7536C4A25E5D4F371F2ADC950E36221
                                    SHA-256:0F1AE16980D33445670FA373DECB581F1F16840F2FE0A8906A9A067DE8017F7D
                                    SHA-512:FA8CC8506682EC6FB13B76531781FF5015DB7FDA3AFDA89781AB408CBFF84D2C19441ECDDAF2F64612500EEC7F2CE2A3A90FF8BEF9A01B8C3B1E18AB1781B231
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):768
                                    Entropy (8bit):7.7524023345574555
                                    Encrypted:false
                                    SSDEEP:12:rvBnGLw1fBTcz9iR4eGk/6rwA+ruuLlZV7/FzmuzWwFG5BygiKhz0XmkKkwxAeD+:Tj1fBQBiR4s6rwRrZLVjFVavi60kDTrK
                                    MD5:45EDF62CFA066FEED10853D7E3D4C52F
                                    SHA1:3227C1033EBEBBF9520426624D3D151D82334522
                                    SHA-256:D8327CA575D3E4E4313DE7CB2C5E18D581AB502E51B47CEDDE028C31973FB76D
                                    SHA-512:9098A222DDECC0C3644C5036BC627AA0D3923911B8B058246AF377CDF3049C607A71EF6985B5520358F3B04706E9753AF66C696D0DB531D8209EAA94BB903D89
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):784
                                    Entropy (8bit):7.747346092868503
                                    Encrypted:false
                                    SSDEEP:12:rvBnGpkjaGrotTLsIU5WQGLHwpreazfL+MsouXcQ3aexuBq8dNZ+8N1Z9MP7n8wz:Tt5ANDTmC/o6cQP8d/VPsnDOX23
                                    MD5:3289181E835DEBE9F71F1911E6D2A87A
                                    SHA1:BA4E6469FE5ADC0A7F5615049D51BAA6F66F21FD
                                    SHA-256:F36FE46ADF22490E1FBCA7EE480DCDBB9F5A98D76C35C792A148A63AAC8F2E2E
                                    SHA-512:69F0B21D3B31EED217F6F786205210C94B11614E2B8C495A3F3CFD5C87A69DF99D6DF51AA7BD9DC0F9780CF8514A05ACE6090FCBF25E886739F3D06205066C71
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):33664
                                    Entropy (8bit):7.994605677947254
                                    Encrypted:true
                                    SSDEEP:768:5Az7KkQ38V5xjCB4/mAwEIbNC9aGRZc37pT3IBUx4vTmKIc3DOEukk:2nI38V5xjCB4OAsw03x9hODOz
                                    MD5:E3F024B8C91401DADAFC3BF5D4065944
                                    SHA1:90D82CC046B0FA14192861CF6375AE899F8C0310
                                    SHA-256:B98457F0156D7EE80FA8AD33D7833A3DF3E1FCED59E2009FA7523BE2556BCDB5
                                    SHA-512:9658B50B064B50A7DD28CF6117206D8DA10E785246FE73351F0F2F6751B716A71902657615CF82E2A479CB9CBFD297E156B8AEB450EA5E03D08F5C4864ACD235
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):768
                                    Entropy (8bit):7.7524023345574555
                                    Encrypted:false
                                    SSDEEP:12:rvBnGLw1fBTcz9iR4eGk/6rwA+ruuLlZV7/FzmuzWwFG5BygiKhz0XmkKkwxAeD+:Tj1fBQBiR4s6rwRrZLVjFVavi60kDTrK
                                    MD5:45EDF62CFA066FEED10853D7E3D4C52F
                                    SHA1:3227C1033EBEBBF9520426624D3D151D82334522
                                    SHA-256:D8327CA575D3E4E4313DE7CB2C5E18D581AB502E51B47CEDDE028C31973FB76D
                                    SHA-512:9098A222DDECC0C3644C5036BC627AA0D3923911B8B058246AF377CDF3049C607A71EF6985B5520358F3B04706E9753AF66C696D0DB531D8209EAA94BB903D89
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1219
                                    Entropy (8bit):6.998915661275358
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQdH/N8i39/62M0a/k0HqZVH1hkPIsbxDvJ2Vs+M9SeQ:XDFhhKYaV3JVFj/OH1Hs7Bsb5vJ2Vs9q
                                    MD5:DB39B3C0AF25685FAE0BC8212A086328
                                    SHA1:B4EBD1B9221462E738B89C4CA7BEC51598DDB21B
                                    SHA-256:C6A3CDF7BD3E6542EC0812B23AF16B519128705EA2F8351C26E000D26EC2C590
                                    SHA-512:391429B368B35053A05F506D01400779480E892B41B7A75E5FD98B6B1A8C347974F21C4EE0B8180F8DEA7CDC743A84609B6C3385230A8FC2DC6B87DD46B41A10
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1212
                                    Entropy (8bit):7.01814504637121
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQsahfOJ2Ih8i39/62M0a/k0HqZVH1hkPIsbxvDyj6Jwd:XDFhhKYaV3J7hfKthj/OH1Hs7Bsb1yj9
                                    MD5:40DAED62F8AB873089B2DBC892690F55
                                    SHA1:0C3FBB81C6192CFB08CFFF3B449BCE019EF4BAA7
                                    SHA-256:4D9CA6E80681047384576C0254392305AC3E0BC9EF5CBD29E45193F139B34720
                                    SHA-512:CFFF2BBD28B177DA7A71E288AA04213F95CFCEDAE5F2F411D6D19290BE42EAB0D33D563D131B47BEB23FD44F4C26930345B86EE8FCFC9B13B53BFACFAD36FDBA
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1217
                                    Entropy (8bit):7.039685313051348
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQGpqyV9ZspJBafrXGSy7Qurzaf5cUbgaz9zcH+3:XDFhhKYaV3JBa2oxxcUshH+3
                                    MD5:29CA193ADC600A78754DFE21CC066349
                                    SHA1:4EBC14CF6E9D28B1358EA11FB729411623ED6AAC
                                    SHA-256:B18BA00A95E50FA6E3745851F7F31217ADA1D9B7FE1313C7AA732BC2DD022382
                                    SHA-512:CA0E1B7C48E54DAFD3DD4DCD7771390A6B2F45B096981E8EF6D17BF3E1A890D52E0921C1F4DC451DAFB4AE560A6370CCCA31E51FBAA65F3864FA30D6DDF60C2F
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1220
                                    Entropy (8bit):7.021115921003242
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQsa0wCTHwXAAf2shjZCcHNmuS39kxzHc8UYtDEyWppxf:XDFhhKYaV3J75CTHwX5uCCsm8y8rZEIY
                                    MD5:22DC1540E53442B0AAC3B72743AB1402
                                    SHA1:5909E3C023E09D225AB03010D09846F530AF7ABA
                                    SHA-256:E0F15EFE6822E70DD313180F6DC2D71B6EA6AD370FF4020515D09A591F49CCF2
                                    SHA-512:81C37FA7F0851208EC4EC76DF2282E4E3B94B17609EB131CEDF2241CE0C1D769D14156B51ABA6294107326284854E95E0757BC262FD2123025469485BA55A3D5
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1148
                                    Entropy (8bit):6.975726060098659
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQkS94zxNSJ1xLpxCN+VJ2LEz1c4:XDFhhKYaV3JlRKR4
                                    MD5:08A13E4F5A8F85C06E6E3DF6260658C8
                                    SHA1:ED6E84E2A3A37EAA59964D301A4FA94D78F465C4
                                    SHA-256:B4EBBC4C665EE160AA367CE888349F702C45FA22117DE1F58EADF9E3D3AB7488
                                    SHA-512:144B68E20D37813B4E7A6DB8723345DB468CC5AE9D3868309564863BF86021581AED5873CBCFE2213522131505D898A852C21D35D6BFB372F7D072AE547BB2C0
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1231
                                    Entropy (8bit):6.992778715175627
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQaqLlqxQhLWxGJO87xX6HlHkrp4/Lug/2uy3z6db06Ii:XDFhhKYaV3JNd/J/oHpg4zj/xsQ5Hn
                                    MD5:7AC1DCCAC61358FDAE2B71FAD3C960B4
                                    SHA1:5B7777A97AB12201D6C763ED0444A88848C87BCC
                                    SHA-256:A9C5DFAE6D34DAC1ED442086BEC99EB4E6296BE5CAA0AAEB00044791C060E847
                                    SHA-512:65707E89466EA9A70698592163CD2DB2339417AF9B72CEAEF418D20199FF973042DFEE5C9CF7C7760FAF2C54E2B6AF2EBDBCE874B1E69655E6CB6A30C1E59126
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1234
                                    Entropy (8bit):7.004584676978703
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ7LyxwS94zxNSJ1xLpxCN+VJ2LEznqM9edx1C4:XDFhhKYaV3J7UBRKz7
                                    MD5:E61EB26E204E7796CFF9ACC4A42AFEAC
                                    SHA1:84949829C62521E9722A9E1E022E87413F755C33
                                    SHA-256:BDCAFB0366642CE3DA89AFCA4EEA41056A97AAD4CE9ED46B3A4B1A65EA74F80B
                                    SHA-512:72B37C3732A727474A727BB5C05B1285120237277F7A06ECE7DEB44A1665A0C0E82E4C12184C2F17875A777BBA1CCEDCCBFC714E2416A0D83301B66C0C82C5BE
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1235
                                    Entropy (8bit):7.0240763815070855
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ75qH5a6QhLWxGJO87xX6HlHkrp4/Lug/2uy3/4qaoO:XDFhhKYaV3J7Sq/J/oHpg4zj/xsXO
                                    MD5:F9F07A4D388B8C12A029CE757D3C074B
                                    SHA1:FF109676348DB9DF9D7B6F4523852396AE256161
                                    SHA-256:1087B18C57180C45BF5586045B1B686D8553B317C1E422AA0C7F6D5A190DC5FA
                                    SHA-512:B33F2A1E4F35C1FF8FA9482E07394A2E597775B06B562D46CDAFD35952D54023F38F936E5AD6B7AD348C73D2EE6165ED781C0B3DA9F177F6C4CA0F6DF0782FBE
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1246
                                    Entropy (8bit):6.97381999557733
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1232
                                    Entropy (8bit):7.044844130659177
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1221
                                    Entropy (8bit):7.024298189674779
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1226
                                    Entropy (8bit):7.014956399176796
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1224
                                    Entropy (8bit):7.020653264982716
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1241
                                    Entropy (8bit):7.039821539084274
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1227
                                    Entropy (8bit):7.034310560375662
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1245
                                    Entropy (8bit):7.021130529323992
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1227
                                    Entropy (8bit):7.001616178712039
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1211
                                    Entropy (8bit):7.002209046520149
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1222
                                    Entropy (8bit):7.011879788243852
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1231
                                    Entropy (8bit):7.038974097400482
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1220
                                    Entropy (8bit):6.994274469351358
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1196
                                    Entropy (8bit):7.0072011646416925
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1197
                                    Entropy (8bit):7.026258157652571
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1193
                                    Entropy (8bit):7.055419295936139
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1191
                                    Entropy (8bit):7.0533986105355355
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQat5YTmfVHMhfgXwrPmT7sILo0JKtASZ+/Rb:XDFhhKYaV3JusmtHMhewrBuo0htl
                                    MD5:8C51759E2F8D057D8089F9A17BE263ED
                                    SHA1:655C66CC6F16A3AE9ADC1CF3B3CE5E351DEA8D82
                                    SHA-256:2A16C5A66BAAA5DB8BFF8708C0EBF5CF9E11272164DCBAB4E2B5940A01419B3D
                                    SHA-512:C60E62F964B889D6FDB31B50F54FE9E4105E368FAE518990317300E8EC6F802987F13E5CC67EF580005DB6495ACC8D466054CF54EA92BF7E2CDC76B6C7183BA1
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1204
                                    Entropy (8bit):7.029354340226784
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQpN1TeYTmfVHMhfgXwrPmT7sILoRV/QhaTwzWDP:XDFhhKYaV3JxlmtHMhewrBuoRRQTOP
                                    MD5:5AD482B48B3484C18AE26EE13915681B
                                    SHA1:F5232243288659AFA67025E0CA5E35019EAD6E00
                                    SHA-256:B2C8C7227D6CB6FD69C5853F44A792F35750F3407311E788953D47A181439969
                                    SHA-512:5FDF142DD33DA6B11506A2CBDECA49643BC2F5B202C86188D3A365E35DDBE04E0941444017C913AE461875CF66C64EF599B3B84C6AE9A37830B21C4719D87A60
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1212
                                    Entropy (8bit):7.046995819317443
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQiD1ZoXAC4DcFAiuY8C+ZkdWa7DUwyuWyZ3zi:XDFhhKYaV3JiDMwC4Diz8ChWYzhZ3zi
                                    MD5:0026DB1D4872E5E6D82D287B43C96868
                                    SHA1:14ED22BB812F5F62411483A2318AB7B06FA9CFC1
                                    SHA-256:86395FD6DF5D50203126932D5E60C7288C11400199B7ECF37F66EA15B7721F45
                                    SHA-512:FD2E5943BCC4D4ED43EC1FF4E1EC56DCB20A970C1AFB8784307D2FD7319E6B92E3816343177345112D7A91BD1927A9AD5B2F9591392862B227842E9192D9A63E
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1194
                                    Entropy (8bit):7.028356017723806
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQwOJf2YZ8i39/62M0a/k0HqZVH1hkPIsbxG5yZNawDz:XDFhhKYaV3JNpZj/OH1Hs7BsbA8z
                                    MD5:A54775D2009BC3F27B6C480E72AF1053
                                    SHA1:A77D16BC8C8736250AD32F7A99B918880464FEF4
                                    SHA-256:DFE7B4984A069E7EA68B7A986A645317C4FA3916CF858A93E43ECAA5159F7C67
                                    SHA-512:7E3C142119645B2044FC55A8C9F1BE206F7CB21EA602875986120DFC5E651607D427E3644FF3222BCEB86A5EC274758EB7F494BA98E4CE423B0D42BB4097498A
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1187
                                    Entropy (8bit):7.011787451222408
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ3wvQhLWxGJO87xX6HlHkrp4/Lug/2uy32sfPBkxb9i9:XDFhhKYaV3J//J/oHpg4zj/xs2yBkZK
                                    MD5:124E3AF5B5ACCC1EF24298F5BE11CE5C
                                    SHA1:8E93B15DDA2FF9C1CF31C2DF4B2445DE9F3ECAF5
                                    SHA-256:BCE1651F49FADE3CB571D8490B0C73A1B3FE0BF7ED5AD9D82F65C75435043F6C
                                    SHA-512:EAD2B61BEF3BDE21531B801A73697C800891E848A507B40CFA79C3358ECF01BD3028A0BC6AC20B5E3A5412C52F6D9455F079F753AC6DC43251D33C0F3A974E0C
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1216
                                    Entropy (8bit):7.026498706222318
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQcDpG/XAC4DcFAiuY8C+ZkdWa7DUYISeFuT:XDFhhKYaV3JcGwC4Diz8ChWY0W
                                    MD5:CBCF9AEFCECE1021C5B2D0F453185163
                                    SHA1:A5EEE58A465A9796FC600F0CB98891BA1FAB5E39
                                    SHA-256:14F4235840632E627F42E5C102151DF7B3CB24124AC78BDB0D0CB052137D8F24
                                    SHA-512:6BD710449BBBB4FD3307E1744F24F11500EE40EC835BC861148EE937BCF90985DB3B6964CD1254C87C287C68CEB0B3F8B99579D7AFA2BD47DAC121448F122607
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1216
                                    Entropy (8bit):7.016926896607743
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQvt1AAf2shjZCcHNmuS39kxzHc8UYtDEyaBgmXkpEPL4:XDFhhKYaV3JvT5uCCsm8y8rZEnc4E/
                                    MD5:13B5AC4CA27442C3A2A587E46FA17336
                                    SHA1:607ACA3D4334A9C7136CDC0880DBE4D7B9FF569F
                                    SHA-256:FE543DB958E57A366B6B812F173EC75420F0A68F731F18507A7B46BD320AA597
                                    SHA-512:69C426DB27874D1A7E2FA3809E6453A2B8DC20542FFC834F77261D4A44CC420C013A63FCBB1530C045ED32CBA350D59725F4F13145527494F0932830C269E083
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1202
                                    Entropy (8bit):7.062907487621647
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQOJ26F65XAC4DcFAiuY8C+ZkdWa7DUaJzoYI6BMDO:XDFhhKYaV3JOWwC4Diz8ChWY5MK
                                    MD5:2CC918B88B001DD45D63AA6AEC04856C
                                    SHA1:6C0E943D3944F0BEAB4CC78541A67AA90693880B
                                    SHA-256:A525F8F68D0351E13D2773C40760E5CBF956607D31FACC5981271A008E510447
                                    SHA-512:E3A1FB2B42A027024EC137731FED9334547EAED28042D690F9EB041F4B256493309947310414C8F7CA96A1C45694D08F5746AC63B6477C7FD38D939A4AC159F6
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1210
                                    Entropy (8bit):7.010604195072306
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQLCBs5UwD58i39/62M0a/k0HqZVH1hkPIsbx4OHVygI4:XDFhhKYaV3JFbNj/OH1Hs7BsbpEh4
                                    MD5:5BCC957E8A78193FE96FEE0ED63396AA
                                    SHA1:40E3451A753D3FD6EF9204F3DC797B8F4C147B78
                                    SHA-256:C2398D75A39AADA5FADCA945ED5EFFD69751C579A8051B3BB5C1797E0083B105
                                    SHA-512:B47648B889A4D31B216F641E0B9E2962DED493BB30075D4A7B1A0740AD0C7FEF7FAF12A9C35B424BFF6CABCC7FF46CA295AFE48CA41BD35318E9E910546725BA
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1197
                                    Entropy (8bit):7.0441932013852355
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQw4N0QhLWxGJO87xX6HlHkrp4/Lug/2uy3Syuke5vSf:XDFhhKYaV3JV7/J/oHpg4zj/xsKkU4
                                    MD5:053B1702D66A8A7F626573E8629177F3
                                    SHA1:D33386B72C45BA39D0440AB93FC1C15F3F91688B
                                    SHA-256:6DF2010AF17C2D9F12329D9D2BDFA721A01B59C6BC85347DBB4FDB632B0DDE15
                                    SHA-512:66938DB64A46F5EFC90D55217F0AD996811307415D3E1C41C56E773D259D58B51D445F6AF45E8E8D4DD90640E2D23B8DA42C5415682AE7DC3BFFF56A5143386E
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1212
                                    Entropy (8bit):7.044726376068022
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQYFcEYTmfVHMhfgXwrPmT7sILoicrBxN:XDFhhKYaV3JY2vmtHMhewrBuo1r9
                                    MD5:3D59D4F6438345EA672FCDC6C1847E47
                                    SHA1:D3ED8A60466CFCEC0F969B1BF4BABAE1936085AD
                                    SHA-256:3F278A907EE117624AA0D3575E0E6FBA13C625F8043F7BB2E2006B2CE7D811D4
                                    SHA-512:AC205C8A8E3C5DE57F75DEEE5D542A1CC9166F42B5018DFB76ED371C86C5A7D601A3CADD32C24A52F4FC8514A0199338F459A3BA7730024D20C272478F51C2F1
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1213
                                    Entropy (8bit):6.984616430596584
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQFY5S94zxNSJ1xLpxCN+VJ2LEz9stFpdh:XDFhhKYaV3JK6RKSATh
                                    MD5:7488A82C78EC8D15ADC7C9914297A062
                                    SHA1:E060717E2FCFEAEC14718E195F99736DE42A4A97
                                    SHA-256:2D56B12619D6520697A4146C2F7D00DDE5C098E7957C804BA55FB29B30BBCFB6
                                    SHA-512:91005006A1F822CED76C5AEB44DDED3952CD41D25008F559FF4AD7DC8DFB97263F25FB7A2ED768A03589420CE4F5A15CB98901F91F8D9297207B83682E830F96
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1209
                                    Entropy (8bit):6.987816318838916
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQdZ0lnQQhLWxGJO87xX6HlHkrp4/Lug/2uy3xtyuu6Qz:XDFhhKYaV3J2V/J/oHpg4zj/xsxr2wE
                                    MD5:86E6FD6F08B070489A45419FA8559875
                                    SHA1:32050AE28C40E6CD08EE208136EC8F39FAE3B03D
                                    SHA-256:D58C2C2643A2E3614D757F77EAF47EFA52DA3A43BBE75BFCF5B68EE037DC3A92
                                    SHA-512:3619AAAEF2445DA7C8434C34B675AFAB33C258F6497A79D966413A4D49239C0077B1BCCC617A651C3289CF652E5949558C1F9A1960AC1FBB3B52ABB7D5782DA3
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1122
                                    Entropy (8bit):7.012923971875025
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQYY41AAf2shjZCcHNmuS39kxzHc8UYtDEyvFP6bBhB/:XDFhhKYaV3JYP5uCCsm8y8rZEwgbJ
                                    MD5:30FEC64389D6242E2C8B47D26E380FA6
                                    SHA1:42A01D8523935C57DDA0B38ECEA3C6A1F2302BA9
                                    SHA-256:77D669DEA481099DAE3A7C6714A1C8108E16A9CCEAC6898234C47D64A0D99744
                                    SHA-512:5E92B921B6B4E985A4D6CFEA4E61A6410ECCE658EAC1A95CB3881615DC03E43F54803F6C1CC86C40E90BC05979BEACE139FCD64EADE032F856625448F41D96D6
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1217
                                    Entropy (8bit):7.068216784668287
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQLsyV9ZspJBafrXGSy7Qurzaf5cUzgy5BEmrOl:XDFhhKYaV3Jka2oxxcU/DrOl
                                    MD5:81DC4EA8B987B0E11A8AFB852C817EF2
                                    SHA1:FF74292254C2D8A089FFC19DD150C52D4CDAFE23
                                    SHA-256:0918BD75860F251D997E30F1E75BC80E6CD1FEB2C5C547DA866CEA24C1DE151C
                                    SHA-512:44E62C1656F9E617B57FA489A6F2F69097BA8E80C9249201E0BF3D39C0F185D819B30A0C1BBA679AE5498C568A00281F44707D346E3834180D42B1E38D19AC8B
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1235
                                    Entropy (8bit):6.976785249905686
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQIPXb6k8i39/62M0a/k0HqZVH1hkPIsbxuiqyhLz1sTW:XDFhhKYaV3JWb6kj/OH1Hs7Bsb/Zggay
                                    MD5:ADCB29BFF75B79D22E72C6DA272F444E
                                    SHA1:EECA499ABA9B52A555A0046641B2B17D3E9BD417
                                    SHA-256:EAA31B2DD0EF1CB3C94BED78C3818E246D35F3F18F071447D25D27489F1F3E0F
                                    SHA-512:502E45BCD9B8FAA724A6CC251D0BF9DE13BD3BBFF5EE89BF35C18AE7F5D5AE8A140E222226A7063836C04FE623D42FF7004D75E620EC207D032AE870B45A6544
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1230
                                    Entropy (8bit):7.0017936822471505
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ7QhLWxGJO87xX6HlHkrp4/Lug/2uy3019VlqTTbbl:XDFhhKYaV3Ji/J/oHpg4zj/xsYPwPl
                                    MD5:EE4C0B0C4B85F75799BCE78B1C2D81FC
                                    SHA1:83F131BB45A095CD4F627CC95E0B4BC60516D068
                                    SHA-256:172093596B6421347805AE81DB5920534B9F73DF2940C68C65FD2FD01A56AEE7
                                    SHA-512:1C913C167644140C219BDF2F58C7B2A78DB1B40694D0F4B576BFDE28124A320B0E18D5AA218FF14E9A048367C177BEF2D0E99D76788B389EE77C449DC2D8C402
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1234
                                    Entropy (8bit):7.022608499003199
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ6RVSx3EYTmfVHMhfgXwrPmT7sILo9zgn8UU73b:XDFhhKYaV3JU4VmtHMhewrBuoiS
                                    MD5:6C65297389EC34889BB17D2F15E976E3
                                    SHA1:ABDD353A9308CF90E9DA92FD0820B1923A08F4D6
                                    SHA-256:0740D5E5A0572F7A7E4879165868F321EB25EDB8E653BC13350BC8150234DFC2
                                    SHA-512:4395DC523A84C151FE42203808FFCF1E5D9EBF71956ABD3008C72BA0D7839D5349520E1B8C2D6773773B836974D77D89767AFB795A89CDA81246C382246B9804
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1227
                                    Entropy (8bit):7.058652863809924
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQM/yV9ZspJBafrXGSy7Qurzaf5cUKmouFVqbsT7B:XDFhhKYaV3JMxa2oxxcUNoSB
                                    MD5:8D1AA6D592A5A8DD6B44AEB96DB47074
                                    SHA1:B1E66C109D823BAB5A4182A2C54FFD8B68DAD4E9
                                    SHA-256:19F247B307A04D7E338B541FAE8D5B042DAC508586634B356DCA3B10A7AE037B
                                    SHA-512:6A71F04C921DEB447DFD10F52E47FAF91492FBE2D7F5A5589BFFE51F58933E16B9A34E537565D1942F73A4E5A45D77FEB8B76090CBD339CCB36EF3F6AA640EF3
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1246
                                    Entropy (8bit):7.036403636871672
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQU7GFAAf2shjZCcHNmuS39kxzHc8UYtDEyZo9HBmCcjG:XDFhhKYaV3JU7GF5uCCsm8y8rZEy+HBB
                                    MD5:0C114443F2FE2B76805356A03CDDA42A
                                    SHA1:2AAB8DD7A0011330A4760E86B6CA37078D67D820
                                    SHA-256:3283EBA3EF717D2CFE0DB0823191AB0232168249367A33B5C4D46A2F9F3A234C
                                    SHA-512:2469000CB425AB386D14B1045F03C56EC2EAE773E7F0A8F0C77D695ADC96008BA3519C2CAD0626566934E8FC012740C041F6523D8409CA4E94A451EB5B848F29
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1225
                                    Entropy (8bit):7.039580137037343
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQVoXnXAC4DcFAiuY8C+ZkdWa7DU2zz1zlnKZH3CTr+w:XDFhhKYaV3JVowC4Diz8ChWYZjARw
                                    MD5:635AE1FD25B404E6921483ED8680382B
                                    SHA1:E08071C6F5FAC84E4B03847B46ED36274265EC28
                                    SHA-256:EE52709E551663C0B7046AF6762E6671ECAF20551324A105D174DF9C89B52449
                                    SHA-512:76EC1D18B524B7EE9FB6220A5B9727778CEE643123E39B952FD6891F0C419DE7CD7CD08EB3F022ABB3C46CD08D86C9CE193301C7569D1934AF431957037CEB47
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1234
                                    Entropy (8bit):7.021241936414713
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQIbEBYTmfVHMhfgXwrPmT7sILoZ6y5DYPqg:XDFhhKYaV3JgmtHMhewrBuoh0
                                    MD5:178399007B2D9389BAAEF870615BEF26
                                    SHA1:81BD569064846205F5DD88ADF5001857AA2AD8EE
                                    SHA-256:1B6A29FC41CADF2DD527E820FCEA40057105DF9B48405C257EB143DECF519660
                                    SHA-512:E94A4632549C2CA72AA8906A184F96B49A921CAFBA06D679189DBAD8D19A40643EBE19E3D7746ABFC923D83271B6E47F4E8F9F26FB7512B912EA1DE8CD508A17
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1217
                                    Entropy (8bit):7.006277097511548
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQAsAS94zxNSJ1xLpxCN+VJ2LEzxFs41hgEL:XDFhhKYaV3J9xRK4s4cO
                                    MD5:C2794353658C6DEB88C84A4B573AB722
                                    SHA1:E3C21C0D2C68F2CC6E584E76F05981F5B08089EB
                                    SHA-256:3F508CA4AC2622E87F5C1DC40FBA03F84510B1A5A0E7049835BDB57BE9883378
                                    SHA-512:A917ECCB99B067DBA1A3303211C55709B637B181E618A0A0F454BF4806958865C5F1F9A88BADF0824031E9FE447092104BA8BD614C6567683EB4D2891B6B7E0D
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1218
                                    Entropy (8bit):6.99398001539508
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ7e+tVMC2S94zxNSJ1xLpxCN+VJ2LEz2IylM5Trdug:XDFhhKYaV3J79MiRK3exD
                                    MD5:634111F652C009EC8B310AF2DB9C8CDE
                                    SHA1:9823B2B88EFF7B1C8CA7A5C6C7E8698FF03A43B7
                                    SHA-256:FBC0000B5D852679F31161353BA0741222CEB7BAA31977EC90A396391FDF10C0
                                    SHA-512:C3D25A7217E3690857AEEEF8E646C19950D4403EE2570E08D88E7C1EE5681B8A10BE3EEE78C7B9F64DD8D76ABCE7565B5E5DF1BFB7EB36C815A92299EAA28FCD
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1224
                                    Entropy (8bit):7.0299387854773085
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ0aSiXAC4DcFAiuY8C+ZkdWa7DUdpiabxYFsu0:XDFhhKYaV3JSiwC4Diz8ChWY5Ku0
                                    MD5:EFA68E09A8E4652E1C20026E7EE066FA
                                    SHA1:EAA4371EF92489EB07C211A8290E6A18DFDC7149
                                    SHA-256:368265E5B1E2117E6485C415016A397465FE5F5898D5E605BDFB37EC5DE66348
                                    SHA-512:B05D96A34792154FBF008CCD3EF7BFD0B1335C5ADB594F426FBCAD6B01E1A42CCBA4BF9F2A61320CE50599DB14FCE4BE6F766985A7F8F73205C3801891DCD18B
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1225
                                    Entropy (8bit):7.028126110050795
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQVZG+QhLWxGJO87xX6HlHkrp4/Lug/2uy3XGzcx8A:XDFhhKYaV3JXm/J/oHpg4zj/xsXGYeA
                                    MD5:DAD98DC8E71B18F7B9EC293DC93C091C
                                    SHA1:BCC31B8B4A3DFD48E5BE4595F54BC9B1B29BCFF5
                                    SHA-256:1348A623B40D5E23AE520949377C80413AD005A2BF89991F7C841EA7C07C705F
                                    SHA-512:B88E6AC7196BFD885224C5E8A4454FD9E723FD95B0E661DB8BC75D73399D1A366DF54D1CC2F568F37D2CE722AF361208A1F41717EBAA2743D5D8597B89587312
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1225
                                    Entropy (8bit):6.992854465622392
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQeuTBJbGQhLWxGJO87xX6HlHkrp4/Lug/2uy3XUTELTI:XDFhhKYaV3Je29b/J/oHpg4zj/xsX+Eg
                                    MD5:5DCC4F0DE58ACA2E24720B9D1E1B06C8
                                    SHA1:A9D6D40B90F912B7B6F8D89E9B8E6B3ECE176096
                                    SHA-256:FF009A688FD99B7797C35FC4A1AA57E1AA1A51E311A3A579A5C74D7594EA5223
                                    SHA-512:392A6730EFCF57B8BC6124CB8DEE5EC9B6A0125E214131F1CAD228936B17AD9E1FE66BF136D6E725B529F82B2A93AB698D2BE7EC1950920F315AA97DE793714D
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1215
                                    Entropy (8bit):7.055123885876645
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQTl4XAC4DcFAiuY8C+ZkdWa7DUfhWa6RduYfl:XDFhhKYaV3JTGwC4Diz8ChWYYMRdft
                                    MD5:E13D62F2C93BEE85CDD3D7EDA0385D9F
                                    SHA1:22C59BF386E65896754454A1BFE5DF0BDCF5E8F7
                                    SHA-256:D5E2E0E9F9344A3590486F230C21EAD880593840215EF04C26225CB1A431B06E
                                    SHA-512:2A56C70FB367BD16111D555C8B9042F04FEA6516737EE0E16007B0E2D34DEF04ADFCD7261D4C8B193884EFD6F059E7790D24725C063002CD5A526AA85760DB0C
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1216
                                    Entropy (8bit):7.037659515999585
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ1X/dAAf2shjZCcHNmuS39kxzHc8UYtDEy6yk4T7isF:XDFhhKYaV3J1X/d5uCCsm8y8rZEzEt
                                    MD5:A7D1FD510ECFEAE2307A9A220B7C918A
                                    SHA1:05E34601AB8A0AF7E33CA1F3332E40C9D0F0E224
                                    SHA-256:3759FE7D7F7EFA12ED64DCEBFC816EAEF73DBE585930649DCEE8B23A74CF9750
                                    SHA-512:0F3D6084B16F76AA53DF29D3C8CF203368000A0EE9EB2C49469D5523529196FB6420BBADCDB37FA6040CC00FCD21DE22AD650C974CD1D0ADB66E02FD963351F8
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1222
                                    Entropy (8bit):7.044685691187419
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ6v67QYTmfVHMhfgXwrPmT7sILoQCdUCTml:XDFhhKYaV3JhmtHMhewrBuo5UN
                                    MD5:B5B634A5CC0B8C8E88B57D90CE6C9F68
                                    SHA1:0765962769DE639C84662DD7E4A471C5DC1A1D7D
                                    SHA-256:BC32A7E42528B5A5A3C33D877F117FD004C9DEE052DFCCE3E10BD8720ACBCCB1
                                    SHA-512:03C86C5100281402763DF76CB7FD16D6D18903BAAACF2EEC84E716F31B0AFF6533098976540A486D95FCDF9B101E9BFEE48E5015231D4E8AA5673F2BBD68F0C5
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1218
                                    Entropy (8bit):7.053035589217153
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQSQ1yPYTmfVHMhfgXwrPmT7sILoONOAL43Q3:XDFhhKYaV3J14KmtHMhewrBuoOMTq
                                    MD5:5AC85E3D3D191DE4583700F39BCB23A6
                                    SHA1:A0188A48C3C521735C12EBE31526F92E9ACC03ED
                                    SHA-256:56494F94FCD4BEDF5880CA3C0BF953200841925DAFFFA75F766D7F7A42C27E56
                                    SHA-512:203382099524F2968EFEC88AE8CDB37939274C43CC90F0B7883AABFA3DC30DE888F08629A1CFC17704427FEC9638457521113A74E1637FC1C8371A02E105D5B0
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1225
                                    Entropy (8bit):7.01643935551246
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQGxaYc8i39/62M0a/k0HqZVH1hkPIsbx5JzfN/ITGIDj:XDFhhKYaV3J+a9j/OH1Hs7BsbJN/qF
                                    MD5:EBD8671F5E71C7F82431DB824DC3820C
                                    SHA1:547727179A7F0EF6DA4749C8BDCA652AAA121FC7
                                    SHA-256:4387D8827E0AACDD5D058F58814F10D06242FC14BD6E0107D908B1D5D370CFBE
                                    SHA-512:FA95AFB3674C23A72E53DF3345DA0C5144664696BCFCB1C59F812A2ECFBAE4CB1C5AC45707BD57A1F88CA7F7427135ED559872402FCB7C098A6EC341D8C89E4B
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1186
                                    Entropy (8bit):7.044597918735164
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQrBec0XAC4DcFAiuY8C+ZkdWa7DU79TzIaeOVL:XDFhhKYaV3Jrh0wC4Diz8ChWYo6SJ
                                    MD5:A661B10512BC144350B639315CE7AEC2
                                    SHA1:0E9A7F29CDD7E30B2B30ADDFC1C8AD94F64CC3E6
                                    SHA-256:7B5149DE197743A5680AF2DAE0D9C92F5830CE50CD626D4E6EFC4018E5E9953F
                                    SHA-512:5725250667F4EA0A822313B2F16BB4B15FE828004AE7DED108A93D637160F4CA44BF0DF811D2EB2910B0A58460028C21FF187C42AEFDD303F5A446F16ADF680F
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1189
                                    Entropy (8bit):7.01387330016364
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQFkQE1AAf2shjZCcHNmuS39kxzHc8UYtDEyPRr+9RYPR:XDFhhKYaV3JFkQM5uCCsm8y8rZEaRrz
                                    MD5:A6FA260BE2B79E7FCBB723272CE96575
                                    SHA1:1918407728AAB76833BB401E8C6DBA80095AF507
                                    SHA-256:89209C1825A1CB66C2121C6E82CE833F354F202BB0EFC003B23D6B0E497182DA
                                    SHA-512:7FF0C1A7F9A3AC75BD67E88E4C117084EC9FE5D09BE4C83929E29264E191D0D1FA50B67AAEF213791B0FD620BBD4ACFCFB28317D491E5D5346EDEDE1130F7E6F
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1205
                                    Entropy (8bit):7.050878850028164
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ1ejbNECWoyV9ZspJBafrXGSy7Qurzaf5cUgkOXnKZLX:XDFhhKYaV3JYvxWsa2oxxcUgkKBc
                                    MD5:B36CEC2BA6E8663E70FE860612327476
                                    SHA1:D6AFFF7BA4C5825EA96606544AF76167BCCF9095
                                    SHA-256:B2AF5A7952E193BD1B9F8ED848131879A364926305A5692C894C43FD4F6F32AE
                                    SHA-512:66E4695944CD172FABD6C59D51FFC9B8D822F6B4041A1DC6C42C2BABF636AF2C83B7D6721D690E84266CFCDFA3AC38DF9FFD7A6DF4D7C0D151DE50ADF7028278
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1196
                                    Entropy (8bit):7.030577795546407
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQPbAQhLWxGJO87xX6HlHkrp4/Lug/2uy3V2oJHHu:XDFhhKYaV3JPbl/J/oHpg4zj/xslc
                                    MD5:B03A0BD63241263267436951E47AB139
                                    SHA1:88F7707F3845A8CF9ADF7D09C5F8539177E5E907
                                    SHA-256:F18C26530C419B09C5886BE7E9F841A64506DB9EE9176BB9D0605E5692B7D323
                                    SHA-512:91A7B8D1550CDBC7FC6D0F27C093E06B91D5186CB45F4E633A3A1F2A6059630CF5488353805B745D09B4F65182467A81A1A7A8A9B2B37CDA6E55A851B5C08B44
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1191
                                    Entropy (8bit):7.032432159496323
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQP0lsCy8i39/62M0a/k0HqZVH1hkPIsbxyR+ySPuifA:XDFhhKYaV3JRCC/OH1Hs7BsboH
                                    MD5:1BF026A7017AEB993470051470940591
                                    SHA1:4F307D5561F6A3CA1A28A8C4D23436B9678619BF
                                    SHA-256:D98406C0E24863CDE56B1B4799A28255AF65E780FA883A907283C13472E44781
                                    SHA-512:ADC776C9CF31C80EE4EBDA1A6CBB0D85018AE13E98C1813A982180FA5456F530828D572BAFAE71FFFE449387FA72934EA3B8BFCBED3D2E1C50F23E06129A912B
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1199
                                    Entropy (8bit):7.038178854957227
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQCvoYz9CwchdXaB0wypv7nzTxbri3K0KcyFjg:XDFhhKYaV3Jmo+CwEa+w+vzzTxS605yO
                                    MD5:C1D318442262C81A27CACB732B42B767
                                    SHA1:A154C8E113AE482D6F68F953C89C0A2ED16FE44C
                                    SHA-256:E906EEB8814B14B68F9DDACF8CB717BC9BEED034AEB25F051E56E79845B4A243
                                    SHA-512:1D024AF0DEBF397812F03A636B21814F6B4C9EADAC94566310FA50DB860B20B6BB3E45F308B668A25FAE5708485E6CADB98E0513C89990A3F8C101E9780A1F0D
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1198
                                    Entropy (8bit):7.064367058272148
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQGAqXAC4DcFAiuY8C+ZkdWa7DURrwMCuYMik:XDFhhKYaV3JGAqwC4Diz8ChWYAiw
                                    MD5:157224E3669C9A13288E22ACD7092D2C
                                    SHA1:234E9DD3FE7DCE7E20AC3F7E17F9A42D51E43B81
                                    SHA-256:D7AE0855FA7565A4767F4DE5673B30070F892832B7EEC0DC571A7183334B1149
                                    SHA-512:43E9DE5AE10596980063913DB709A4576F338206B9C60DDD43B3CDE057776C429EAD86E8B4432DF57A1EE3D4CA8A0D9F88B97B78F9D909981830FBC101CAF865
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1188
                                    Entropy (8bit):7.05626878786215
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQKwCsWfuEXAC4DcFAiuY8C+ZkdWa7DUEMtKw:XDFhhKYaV3Jv/EwC4Diz8ChWYVw
                                    MD5:BBEB0C73945C7129F9C1CBF4CB5B6A92
                                    SHA1:26BF719F0AFE4CA2DC2359FB339930D9D1202F02
                                    SHA-256:83CA8F572BFFE7893BEA67B42CEFF9BED036FBF638B6C9A82DEA971352BFB5C2
                                    SHA-512:B6CE5AB972D645FFFB87CD758563ED640BAB1C5FE94632438BB44C8EC004CBFB20F758ED9832F32C80D98BD3112ED9D488487D980B81578C6A6DC149E7A5603E
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1185
                                    Entropy (8bit):7.067070304135949
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQYRHQyV9ZspJBafrXGSy7Qurzaf5cUt4L:XDFhhKYaV3JEH0a2oxxcUt4L
                                    MD5:7FF0D987B92F7FF979A8967EF34D48C6
                                    SHA1:902DBADF4D883845DA298DB3046BAEACAC95E34B
                                    SHA-256:B9F5F5449B535B5CD2FA4255CB6515929B2DA441DAE42A04D08BD819BBF51FF8
                                    SHA-512:4EE2828ADBFAB2950B75D96BB1D44887E98C14310CB98101EF2704FCCEB3312CA2E8F6E1BB65737B983AE1659F654DF7C0BD82F5942BA9EBFD3B25A348C2E129
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1230
                                    Entropy (8bit):7.0053536585354905
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQRYbQhLWxGJO87xX6HlHkrp4/Lug/2uy3jeQpK30D+MT:XDFhhKYaV3JRz/J/oHpg4zj/xs3KEDWg
                                    MD5:72D3DBF2502B2B6CADB67E788B20CB07
                                    SHA1:EE268E14450F782358BE582AAAC6B35B94629C68
                                    SHA-256:8054697164F1DF46A96761EDD268C289EB4D869ECD7ADBEC9D9EA4F1E7994532
                                    SHA-512:C9140ABCC662D1BBA0021BCC24D7F46B5B4A682CAFD7EFA53220DDB65E0EB3CC85C4C6FDD8824FE61DE801A73A26DE82D059EB51865E349F07A109869E70F33F
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1217
                                    Entropy (8bit):7.0341833590276215
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQpp5YikY9CwchdXaB0wypv7nzT6sw9qvYIJ9:XDFhhKYaV3JRYikcCwEa+w+vzzT6swE/
                                    MD5:67D8292CBBA236FDAC9E787CCA8C9730
                                    SHA1:C384C4D5423188095AF44288E49464C4E8F05A66
                                    SHA-256:D4DD1FEC8EA242EA8B4587748C81FE76CDECE8B9B302CAA62F8E87A5BC487F08
                                    SHA-512:828CDA03602EABC0C26E59B1AA32EFF5585E66BF74456564F97EC17B1030A617530B71013EFE433F1E74029C034B786064E0EB473F0C996E4467895E8D1F4BA3
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1222
                                    Entropy (8bit):7.022960712541121
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQXhc/oz3XAC4DcFAiuY8C+ZkdWa7DUEunw3o9QAZ:XDFhhKYaV3JxcawC4Diz8ChWYew35AZ
                                    MD5:1E0C4F6EE24150D92875738C878E9B6E
                                    SHA1:32A3A6CBD83111A3D99B3C0A3F2E5B12DACC57ED
                                    SHA-256:7370FAA147711304E9F13F39D38CD547166D398F64C1EF8056AA788582C1A71C
                                    SHA-512:B59282C0066DBB68C6859D112BE937949BD66E9C6FF9996A57AB784B1E667BA95D855EAD83708B3500AE4BDB7606EE9E65BE33DCF0FF5B39995901315C066325
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1226
                                    Entropy (8bit):7.0199271101179255
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ0BfQhLWxGJO87xX6HlHkrp4/Lug/2uy3gSTga/jpUiH:XDFhhKYaV3J02/J/oHpg4zj/xsTjpUiH
                                    MD5:8E3ABB5DF979E50E30EE73B07FAF6551
                                    SHA1:46263991C65575A800F8239BDB7EADC59894940D
                                    SHA-256:387008A0B5B686AA8807C6D85F4C8378360AC0679910D83C5E1FAE09249C2FEA
                                    SHA-512:DE6084CAC17BF068E747A87EAC7AA1DF1D42B879641755EC58FCF50676A9427F7CF18E29EEE932B1A16CC2AA0AC013C811B2A958358D346AFF080C486D0EE309
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1202
                                    Entropy (8bit):7.051056054843645
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQOXAC4DcFAiuY8C+ZkdWa7DUx/ZASZLRXT:XDFhhKYaV3JOwC4Diz8ChWYDCT
                                    MD5:AC58235CE3AC36E64A0C1B42D6615F24
                                    SHA1:63DEAAF44EFC65772773204A521AB761102D2B61
                                    SHA-256:C33702A4965FA55A88E9C5BABAB1BD053E2AFE31ED4A9719339B9EFD20EC21C3
                                    SHA-512:CA2E34032F4D697471F609EEAF37411C43957234B8971AB1515FEBAD25A7DA968C8827C66420B42D1E9F2E8BDC97FA3B78C3D9BC081B06C593891087DFF674A9
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1236
                                    Entropy (8bit):7.02161590947398
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQRUJvBWQRQhLWxGJO87xX6HlHkrp4/Lug/2uy30U+5ub:XDFhhKYaV3JRoBWQI/J/oHpg4zj/xs22
                                    MD5:BBAFE04FB386180CC770C01E37C58657
                                    SHA1:B51C73321BEA7B2BC7DCC6700B09BDA945E5F727
                                    SHA-256:EED0F3B71C91F527684C15C19A9B0A90C582893AA3807E3F0280172C0842A46A
                                    SHA-512:5B085AB5A6587E17503388ACBBF9BE171FFD9ABE1EBE746FC537924EE735D2404916814E5F3C8E10D92FA0AFB5603DE6E7CE7754688F627DCFA7239946BD1D81
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1215
                                    Entropy (8bit):7.041297988670199
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQZXAAf2shjZCcHNmuS39kxzHc8UYtDEykYBmn1shdGu:XDFhhKYaV3JZX5uCCsm8y8rZEFnWhsu
                                    MD5:D30E00D948DE5FEC48B0C5E7E7429278
                                    SHA1:8B4DCA32FB7F74A7E52A5FE7E8BE7D3317D176B6
                                    SHA-256:F65A5A557334C4B8DD951323023AB075C3355D1FE2A6580501BBEB5E5A603774
                                    SHA-512:C398E95782F3CF5CD359551EA25E4CF4A9E46E9EEAF3C6D53620EDC6A775B237F73A1DDDA0429CFED916BCC7C5718968D689537C9034AFB5C0467E90BD219B26
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1223
                                    Entropy (8bit):7.021846277995259
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQq00Y8wLevT/QhLWxGJO87xX6HlHkrp4/Lug/2uy30LQ:XDFhhKYaV3Jq03LeS/J/oHpg4zj/xsWQ
                                    MD5:B998DC0AEB6CD26F3D59A627E1D914D6
                                    SHA1:BECCBB8CFF558EFD747F316699ED886F7976EA50
                                    SHA-256:B4FB9F70166615897C95E61E81269E94ED347A87E9E4D4B661DA6315640B0041
                                    SHA-512:4B69D2430B1F167B1CAE69BA8BA91F044658374D3C3EC95DF11EBC163DD680E1674531296A073E79F30119872CE1AB009A0A68D4FD19ECAFBF8E298A7BA558F4
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1217
                                    Entropy (8bit):7.033489988734817
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQUOCc1NQhLWxGJO87xX6HlHkrp4/Lug/2uy30fFTvMUw:XDFhhKYaV3Jh/U/J/oHpg4zj/xsQZMUw
                                    MD5:88F8894D4740030B488E49BDA2BD2B63
                                    SHA1:17F39EEEAE47A70CC7B11EC1ECE9D9AEA82D4A05
                                    SHA-256:90B6329E36C25DF4EE8B2BD645AAA33B1EFADB80AD03D0E9743B6599E816B271
                                    SHA-512:D0914487C65F861A7036C4A79E12FE73BEE9D3DC73AAAB89992017276CF1DB4D1443504E56236460D071199E3006973B40AE7D91250580D96A68A7DD010A0A2F
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1227
                                    Entropy (8bit):7.0335282671876245
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ3XQLbP8i39/62M0a/k0HqZVH1hkPIsbx1wP2/yUKZL/:XDFhhKYaV3J3XMbPj/OH1Hs7BsbL626J
                                    MD5:086AC1D7582B6F29C203EB34BE4C4A98
                                    SHA1:0AF8417AA60B4E3BCAA0D7962AA73FFE6E796B7A
                                    SHA-256:B776B877E4BE92841282FC44BA051081F73EC486F7AA382547F8A5879625198A
                                    SHA-512:0ED88CF9DB33E1C191F8A6860249B0BF3F9907C12FC541789D9062E234FA67887D22750A82AF3FB576E4E79FE5BE11C6498113CF68C8DB21700B0CBD74A7F2CA
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1228
                                    Entropy (8bit):7.0262752285020085
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ1VcBIkY9CwchdXaB0wypv7nzT6gvx6mU2myK4:XDFhhKYaV3JNkcCwEa+w+vzzTncZ2myB
                                    MD5:1F66C46DEAB5C1CAE34B63E6A26DA7D8
                                    SHA1:2145BC5BBD83C08086B7CAC334F3D8C8D83ED0FD
                                    SHA-256:BF82D1BB3F3F78F59DC96F3C57746AB6AD3B5CD8FC3DDDEDEFFBCC4E058ED898
                                    SHA-512:B81EFF398A88253EA96334570704DBB486662A8CA459972419012709A429C1337A6EDDB30A516881C2A6AB66C53771BAA5CF2CD6D6FEC4D845A817F3F393F101
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1232
                                    Entropy (8bit):7.030969009098695
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ/LuZuuQhLWxGJO87xX6HlHkrp4/Lug/2uy3dxtwvAW8:XDFhhKYaV3J/Oi/J/oHpg4zj/xsSvAGg
                                    MD5:054CBA6BCB7554E847CB416BE4F916D1
                                    SHA1:0293720B92B70205510336D8385DD1F8843CF846
                                    SHA-256:B5F94A555EE9CF6A48B31CD0042F104A0AC416826BBBF6C2CA7CCD63B5198313
                                    SHA-512:D9650836E29D779C9DD50B7BC4CA0FE5B13D4395015336CEAD83048BCFC1FFA50E0FE923FC78DE714D01DAA0BB3F883B0AEECF413364B9481C416E612B3D383B
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1226
                                    Entropy (8bit):7.043812059755567
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ+Trr5kyV9ZspJBafrXGSy7Qurzaf5cUWcs5f4Dv2Uu:XDFhhKYaV3J+TrtYa2oxxcUWcCCuD
                                    MD5:04CBE0CD19B58FE86682EE3681793A4C
                                    SHA1:1CED70298B668BC50FA67DE10431005CF28FD5AC
                                    SHA-256:70979DA69BBE58F8DF2DB4B85FD97225D55E2AF9D182A9FC8AAA1402DDC52145
                                    SHA-512:E3A4FF72DE79672513C8C8759248D9BF0CEADBF7A5D1AAD8975CC55F05F82ECA220F60E70A6D9A1D0253B7602D639D026B8D6AD5853354988870EA97E488A55F
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1240
                                    Entropy (8bit):7.015010993451843
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ7RkY9CwchdXaB0wypv7nzT+1V3Xm7EFe:XDFhhKYaV3J7RkcCwEa+w+vzzT+1Vm+e
                                    MD5:8063272D7C975902F1721DB7948EC43D
                                    SHA1:4CEC44091B9885DA77D1181D3C5E8F2B3ECB6BE5
                                    SHA-256:20335CD8DCE5BE55CD085F1CC9A7ACFC90E3305955CE6DD084F34569FDFD0AF0
                                    SHA-512:61AF6BFDE08C57460792CA02909677FC33C427BE113560C5D62D8AE9AA14DC042E52CCDF50145365BFF7056E15D9B6C94952200848FE9BE4E111ED0F4B5C941C
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1225
                                    Entropy (8bit):7.031310918792879
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ75Dss5QYTmfVHMhfgXwrPmT7sILohUUa9v84:XDFhhKYaV3J7hscmtHMhewrBuohUUS/
                                    MD5:AF0A90A61B8E0638EAF3B93699F0BD37
                                    SHA1:63117C551BC38C9281572DD857F0CB0E3AFC54CA
                                    SHA-256:19F54633763AFD5752AEB47BE7AEA8D5DDFB11B7A4D0292BDA00B54E6CEF96E9
                                    SHA-512:FAA5882CE330BB497167A88BB5D7784DDD4CD0F436350DFE8C88849558F81852B6EE7560FD75D9D6C888A6234E88777F78BD076551422A2BA7951344979AF283
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1242
                                    Entropy (8bit):7.020257064645733
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQFs95nyWpiNkY9CwchdXaB0wypv7nzT+38dXId:XDFhhKYaV3JFs9wWpiNkcCwEa+w+vzze
                                    MD5:50BFD65F98A5FF72CDD3D52021F437E7
                                    SHA1:E5A8775CA925D172AF8C21D2A858FA1BB6E2DE70
                                    SHA-256:7C8AC97F613FE2EB65305A44F58D486A1632236720FBB53B8EB1D835D838DE5E
                                    SHA-512:7323CA7D4766EF658FA691C9BEFF057D513873F96ABC004EF22D93C61516864F620706A64364CA072694E490AFC815DD6E24D09ECD4E37DFBD320BE271E468D6
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1240
                                    Entropy (8bit):6.99442955044858
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQrAAf2shjZCcHNmuS39kxzHc8UYtDEyI7qXZSIdw:XDFhhKYaV3Jr5uCCsm8y8rZEjx
                                    MD5:ABBAA492143C2E973C088016A206A5E9
                                    SHA1:58803B9730F883D64873AF5DBDF1E610A054A108
                                    SHA-256:5D9B73ED960EE749D20D6D38E5AB7B977EE0EB326E5464D36F830AD0157CE906
                                    SHA-512:F2F05C958F7DB5230EE5ACB35EAD75A7DD369C2939E16D9F79BF0E0B0E63DE050409E934815E1F3F58110634B2B9AD8DC9A30EAA76E78C594CB759FA82D39269
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1228
                                    Entropy (8bit):7.033051666169508
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ9xAAf2shjZCcHNmuS39kxzHc8UYtDEyoRQoK5:XDFhhKYaV3J9x5uCCsm8y8rZEzQX5
                                    MD5:E922307052C05AAD4CFBAA7CB582622D
                                    SHA1:54B30435ED7E3430865348006236CA7858D9A64D
                                    SHA-256:53A276A2E9B5A6E2F255F68755472BD5DE99C988CB7271380BDD00A154003BA1
                                    SHA-512:12AB92B33D691201E9F4F258F9C6B7D5F0C5286DFAE5F84636F9631B01F204327402AE8962C11870DC30B02313F89F27DEE0DBF70614DB6058DCD3C198131A81
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1218
                                    Entropy (8bit):6.97994742604029
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ9R0wSS94zxNSJ1xLpxCN+VJ2LEzBrqF1KNFl:XDFhhKYaV3JJzRK6PNFl
                                    MD5:BBF8B51A7F193B3F76F024ED502C0AD2
                                    SHA1:1824DFB8EEE8828D9335176E78D3FC9290A5E927
                                    SHA-256:DDF388F499B6A5957A606EC3C2AB569DA0080D603A61D1A1ED94FB128BD099F3
                                    SHA-512:2CFCD8FEF859B633840FD159426F0A99D5F24AE9DED369FBE39B64B8AC73BD5E97F86CDB7A85A6449CFF8D14324BA173A8A009E667B039EDF89B1C3627049E44
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1225
                                    Entropy (8bit):7.016822092423144
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQyMt6SFYTmfVHMhfgXwrPmT7sILoWasBleEKv:XDFhhKYaV3JyCImtHMhewrBuoCBHE
                                    MD5:5B7392F3FD34B439EA679B058FE2AA1E
                                    SHA1:43C0762732D146879B0050144B017CD0353D728C
                                    SHA-256:C1B2F735065C2743CA1A87BC41ECE91237544EEFC402FD80ECDC3210A5CAF5F7
                                    SHA-512:5CD5B7CB81226A5D973DAA102CABAEACE71C0420802667A081826AE1F14B7E2E8559FB1F0431F20CC37D45C5D63FC4C0B78DA0B790CBC707DD05A469C2E1EA45
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1224
                                    Entropy (8bit):7.003880441586364
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1213
                                    Entropy (8bit):7.016070558353895
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1218
                                    Entropy (8bit):7.028435926936121
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1220
                                    Entropy (8bit):7.066036917010426
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1225
                                    Entropy (8bit):7.032181620414403
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1212
                                    Entropy (8bit):7.024369444778746
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1214
                                    Entropy (8bit):7.02658870160274
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1219
                                    Entropy (8bit):7.010018841956587
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1205
                                    Entropy (8bit):7.038976964669365
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1218
                                    Entropy (8bit):7.032792245142549
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1241
                                    Entropy (8bit):7.047980945840833
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1231
                                    Entropy (8bit):7.000516366719469
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1232
                                    Entropy (8bit):6.9866656926010045
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1230
                                    Entropy (8bit):7.047667808127327
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1223
                                    Entropy (8bit):6.977856762365207
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1231
                                    Entropy (8bit):7.015253183860827
                                    Encrypted:false
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1231
                                    Entropy (8bit):6.958751950575394
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQJtmS94zxNSJ1xLpxCN+VJ2LEzZL1exLJ7:XDFhhKYaV3JJtnRKzLJ7
                                    MD5:7E40FB411982D70CFEA48F8FFD58DAC2
                                    SHA1:4E51CBF45D49676433383AC905E08FB1E501890E
                                    SHA-256:92EF0362E164726A31EA3AD9266D9A3DB7AA829F47CB131279136B46EC5746EB
                                    SHA-512:C1CCAACE0F6A3F2E11DDC9F7A4B95329D50353773D5A208C70E5F5CCA0A7CF0DF25ADC7E82E816F484647B5004678B0EEF26B53CD1C6BC92B609225872313D7A
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1215
                                    Entropy (8bit):7.0199609669955345
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQTgRwS94zxNSJ1xLpxCN+VJ2LEzTKZqS:XDFhhKYaV3JTgnRKB
                                    MD5:3BB8F96166CA1A57F246B5F0938C6542
                                    SHA1:98B98B86B8E31FEA884A9A2FC0D93AC2B982559D
                                    SHA-256:741275B6A63F43F6B8F40F17F3F749BDCC7323CD45CBB2F1D0852EA62ACA6D7D
                                    SHA-512:28E4410F283D6492E4799253F8160BD6A4E0065542EBB507C2BB469CD0410286D18F36BE28429D3CE45EDEE87130133595DB783FA31E6CF3DAECCB7EBC27E2CD
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1242
                                    Entropy (8bit):7.050701785785945
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQLwhYTmfVHMhfgXwrPmT7sILoIWjv/NuaOim:XDFhhKYaV3JHmtHMhewrBuoIW7/Djm
                                    MD5:3C08C7BCD09C933961A04FDC00608127
                                    SHA1:8B5915F7ECF82DAD7225A781F0BF1993394410C3
                                    SHA-256:DD03B9558B2C76D7D33CC34458AE2EFE9EC7B38F75BCE334304D01541123E694
                                    SHA-512:7657A5858D748A254B1E9CF7A4055DFEBDE21FA5C024DB4679243D12C51145239BCF83AEFFCDBCD9794849E0A59A5E96AA97BE21C41758C7C66B23C649D2CC67
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1225
                                    Entropy (8bit):7.00819628714283
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQI4LS94zxNSJ1xLpxCN+VJ2LEzqm0OphpCDMbFn:XDFhhKYaV3JdERKjp0CDEn
                                    MD5:BF304C356AA64AF7875F227F32CBD0EF
                                    SHA1:C376826ABD535275DD5809F0266249909E5F717E
                                    SHA-256:198494F9CE72BDE0A28A930B13EB0F6D971E494BB12AEB1D78055242DF0F288F
                                    SHA-512:88C829D961A5038F08B7FAD6044742605D0B41F6764BF35FBD4CFC6BFF169ACD52AD8A7B98CC98567BB56B6C12E8D39878505B07029F17A985F17E70F7BE8AB5
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1240
                                    Entropy (8bit):7.002098211707679
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ2WnZ8i39/62M0a/k0HqZVH1hkPIsbxTiubvbrjE:XDFhhKYaV3JnnZj/OH1Hs7BsbdiqjE
                                    MD5:96BADAAE82E55556317D1882D4F9356C
                                    SHA1:E869EBBEB46B5D39E87766A7F5F579EF3557503E
                                    SHA-256:CB265C6737ACD4DCB41E9A6669D96509455362AEBB65848E1AE9A6F3A72473BE
                                    SHA-512:C61A9B0B2277F9E555B7843FCE0415A6B0B49BD0660E49292E865D74BB84332880269A45A72759859ACA872A25E0811B93A8DBEBEE84D6EFC5ADE35ACC003EB3
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1213
                                    Entropy (8bit):7.0103486076767645
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQoIMPEkY9CwchdXaB0wypv7nzTSuUYXfQV:XDFhhKYaV3JoIMPEkcCwEa+w+vzzT31y
                                    MD5:5E5F047F1DCA6FE0477135790BA50C03
                                    SHA1:6B1302207763AE3F8BE1C3B6F10311BE498992E5
                                    SHA-256:8D167E1E2BB75EDB64D0DCAA64A7670ECDD748045F38D2B779C4B5EAF082FEF7
                                    SHA-512:205D20956A2E843B761543B744834C5BEE3304AB70848C423CF84577964C42DF1DAF56B336B04F542D950C9EEBC9AC69F75822701A1037B135673EDB34A8461D
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1233
                                    Entropy (8bit):7.046375986305646
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQfCNaiQhLWxGJO87xX6HlHkrp4/Lug/2uy33j6yF6jDa:XDFhhKYaV3J6Nw/J/oHpg4zj/xs3eyFR
                                    MD5:B53D0C4A018A27663D0F5DFDF708650B
                                    SHA1:9EF8B9DC74DD9361B4EE3C4700FCA5D84D9249FE
                                    SHA-256:786779B809FF45859661D449998BFA2A93CCD2DFA63D4A6C5611086454C73BA3
                                    SHA-512:B943F8B963517990B49CD8E7C0F383F8FED5CFA57EB56C93B954426212F092209BB067F0E883AFB4CD8A32FE42372A741CAD4F9F0E31D1870E4CA163E1FE1ABF
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1228
                                    Entropy (8bit):7.020204757735029
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQoJV8i39/62M0a/k0HqZVH1hkPIsbxFD2sSQ8:XDFhhKYaV3Jojj/OH1Hs7Bsbv2r
                                    MD5:E2C3626299E93378D7F3FD83432CE80D
                                    SHA1:11617DD38FCC2D1BF1EA981FD4E87429AF51BB20
                                    SHA-256:926F73A553916C510599B8BB9C3A4AFD4A2B6C5CC6E28F31112B5D7D340A0A8E
                                    SHA-512:97FB98583F6BB66B64C17E579DB8A7333BD5783E1FEFDCCF246460646587EEA16EBB88735EB183CE480F7690A861C05AD8509000953F6422732D2EFD00E7C227
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1225
                                    Entropy (8bit):7.065525527241366
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQywMU7wyV9ZspJBafrXGSy7Qurzaf5cUKJ+T63:XDFhhKYaV3JyHa2oxxcUKX
                                    MD5:E3F01BD33C104062C2BB2666F8171BF5
                                    SHA1:81364AB236DCDA4E837CE94A52A1918718887A82
                                    SHA-256:4CE29CA39E4A1FDD726DF01B30FCBDE55E1F44CFF9CC1BFEE8971882EB57D9C7
                                    SHA-512:4A9E0E52372130013BC546DA710B49A4F90DF68B89366E849B64C2B3DE2FD045025D9D53946EEF24A7C6995DF1A240739F96D7217F835E918A28F05776AB3ED3
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1238
                                    Entropy (8bit):7.029692696200994
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQoGbLXAAf2shjZCcHNmuS39kxzHc8UYtDEyiqh4IEUE8:XDFhhKYaV3JoGbL5uCCsm8y8rZESV
                                    MD5:F41A9B9A436067BDBDDCD11973A458DD
                                    SHA1:3030BD18DB267B213E55DBFD5695187F2295ECCD
                                    SHA-256:D05F905A64B29C66D6606413169E20360C18507C16F6A190CDA5D3A50BD84723
                                    SHA-512:CFB46393B03E8ACF736A48079E3F8D5E79638F75F8F48962E3645E83CE6585E609DF63035ED9375BB7953631000E0DBE3AC85D3019CB3F66463FAFE6A2E96F15
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1228
                                    Entropy (8bit):7.038036024904783
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQhDmcQXAC4DcFAiuY8C+ZkdWa7DUa9c2vSO0:XDFhhKYaV3JhDmcQwC4Diz8ChWYnc2vA
                                    MD5:B96C6F53F809C1817479A65D608D4EA7
                                    SHA1:D3A7B63334BF572252EA4CD394AAA6D6D248B244
                                    SHA-256:C3541570BEA1B7F9BC024054673CCE54ED74186E7EE6E9423A0DAB5F81DEF2EF
                                    SHA-512:873180869A285B6DCC4558895751CD5339173389B73484BBA732DFBD95F441880CA2DEE252A3CB488D455CC9A6FBB2BF0E2F2E8CFFC8BBBEF101C988E0895345
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1232
                                    Entropy (8bit):7.027826094897323
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQdZZXAAf2shjZCcHNmuS39kxzHc8UYtDEy6/MwpzZFtk:XDFhhKYaV3JT15uCCsm8y8rZEvpjC
                                    MD5:2B8246D4C36EC336C381BDEEC297AC78
                                    SHA1:8B142D9D7A2E8792ADC309A19A0299A28EAF3DA1
                                    SHA-256:F915307628E0EBE4034B8A12DD971334A9A16017CF11A83139C80D2678AC9C8E
                                    SHA-512:25AE1AD0156093DD7C49AA7A606AB1B29E42E132E015D59E29E0FA40CDC06E2F0828952110EA169E7703740614BEDF0CF4AF5AB61DADE2751E1AFF70F96192FA
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1229
                                    Entropy (8bit):7.01610207774156
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ5p4UZkY9CwchdXaB0wypv7nzTnMAKZ/:XDFhhKYaV3Jb4ekcCwEa+w+vzzTn0B
                                    MD5:D72B16E981E5F8930CFF5B27092645BB
                                    SHA1:75D3B82BC6AB0EBC9C27CA5E99A12D0858BBA59C
                                    SHA-256:32B996A9D3FACC305F055BA1000A60DACD6E93C15ADC2CA0D0B45F9752D5DF9F
                                    SHA-512:144CC6885994DA3923648A51A09BA3DF9728F7058E9E58139085681BD091E30D9072A8A6C95021D48F3C9E81E2D8A71FA5FDADC03F95ED6E6331D510AD8A2B3F
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1229
                                    Entropy (8bit):7.014096571561593
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQOmmeYe/S94zxNSJ1xLpxCN+VJ2LEzER8Rou4ZFtyT:XDFhhKYaV3JO4YeIRKjwWe
                                    MD5:251F1C2F1CF07148397BF6EAFD22704D
                                    SHA1:A680E575C1F86E395CC4E9CED66D44C447DD351A
                                    SHA-256:574D6E74C1DF7FEC90A8FFEC361CF38F5A05715F9C3BFA7744BE5E3426B33C57
                                    SHA-512:767F61CDDFF733D624E3AF8F18532C24ADA33533E119B5C169E803720EA57BFF9028C783646520BE2507A16A9D48AA8549E008213F676FB65B2D5418E7860707
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1220
                                    Entropy (8bit):6.984084023396346
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQqPLnsEBD8i39/62M0a/k0HqZVH1hkPIsbxPRsNvmwZg:XDFhhKYaV3JqPLDj/OH1Hs7BsbcI
                                    MD5:76030474DB5DFF6F298381650E1E5D20
                                    SHA1:C4145CB1B37837257C8A9A0B22D8D2269480133D
                                    SHA-256:F0F5DA4B114CC9A81CEE59E90B3850646A4D768691F7F20CEFE889BD1D29D0BB
                                    SHA-512:FD71E742F59C4D9F1BDB0914EC8F84C9DD36612AD2D63706779775FEA8573BF3775AA27713B00CE4FC6F038D6AB4CCEDABDB2E5FCDECF2DD649A44BDDD42C487
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1243
                                    Entropy (8bit):7.028904464600667
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQlx+xnAHAAf2shjZCcHNmuS39kxzHc8UYtDEy7dkcDfO:XDFhhKYaV3Jv+Za5uCCsm8y8rZEOkc7G
                                    MD5:34AD51D44CEFB1EBEDB324158A7D25F1
                                    SHA1:6F2B5800B468CBDF8C6FF279810696963EAFD649
                                    SHA-256:22DA668680031DA6A15803083D37EC6A5A8AE176607461836AEB3A12D39FF81D
                                    SHA-512:E1E510640D6A89F372F4BFD64FF3F16E2F7AA23B66D6D4B5342AFEE99CCB1A9520D685896C34D7713AE502721503A05EAE489D900F290D673C17D97FEB21EEE9
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1221
                                    Entropy (8bit):7.067778394611707
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQnLHyV9ZspJBafrXGSy7Qurzaf5cU9ywb6uCyFC:XDFhhKYaV3Jnla2oxxcUvYP
                                    MD5:CCA086E60AD6D041A7EB7AC0EB0570F9
                                    SHA1:F9504518CE5856AA4E8F0DD8BE0EB22B880E665E
                                    SHA-256:B165E01E001D1222CE9ACA9505041E1029C8469C59E2F3FE965574C15A1648E8
                                    SHA-512:A7CF98742E944C73E26E2E7B75FD5EA6A2E0C342F97217015EF876A27714769DDEE192C8BD7DFDA6D653F8A8946BC587E995357C53C8A53B56E27F2F4E5132B9
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1203
                                    Entropy (8bit):7.0724249080810315
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQs4ByV9ZspJBafrXGSy7Qurzaf5cUh9O6dzr3:XDFhhKYaV3JXa2oxxcUK6J3
                                    MD5:AED2CA1D5B37A887E118EE5CB3F851F6
                                    SHA1:D21D6CA06F374AB863D845D9B358B73D5D120FB9
                                    SHA-256:C110BCD3EC979B4F6EB15AF709F3BC07EE1D4D59C9D3B75F87FD42EBAF3CA0A5
                                    SHA-512:92698FC4B361A8F00742E5C269C079ABCB5A2656719C79040A140CA2D533E337BB55C2FE00473709AE01BD1F7B32946840EB14D07991AEA8A46A0E7F344A1CDE
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1228
                                    Entropy (8bit):7.009416148558042
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQsc1gDQhLWxGJO87xX6HlHkrp4/Lug/2uy3GW8mdSbbT:XDFhhKYaV3JPgK/J/oHpg4zj/xsGW8mI
                                    MD5:95E5CF1C158F93BE7ECED4DB23465079
                                    SHA1:CA9010278AA24FEE65B662328FD3177EF4F40962
                                    SHA-256:BF967F304A68EB496E143E6BFD274C5917B607DF7FDF77D1A024A608D11A40A2
                                    SHA-512:5B8268589786C50D1E82C7E8FFA592DF6D1CAA33F7BFFD75857A60FA1458B038BC4F760016DC0B5ED1EDBADE2B38248ED344EE9EEE0C953C9EDE64172FEEB38C
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1216
                                    Entropy (8bit):7.038267886817372
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ7hCHvaXAC4DcFAiuY8C+ZkdWa7DUaXdlFEH0P2Q:XDFhhKYaV3J7hCywC4Diz8ChWYZdLNPX
                                    MD5:31781710B68352DC252B752D8FCCFDEF
                                    SHA1:A341AB2489A3C502596DDD740305A5531776C265
                                    SHA-256:EDF9FDBE28D7B672E390CC5EA3D00CED392C2159C3CBF89028DC3860EAE69141
                                    SHA-512:2C3FB8B99F0E5CB29A7CB0632078540E1189B341A86975F95E1740EBE7E893C3FC6D2D3741F565081B00D89219A7C27762B9E4AF3CCC1A7B9265F77E04FBC372
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1214
                                    Entropy (8bit):6.973828234077221
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQJxsXaS94zxNSJ1xLpxCN+VJ2LEzPtsfYCdZ16rnby:XDFhhKYaV3JJKXLRK1HdZ16i
                                    MD5:19054C75EF8EDAC780182DC33B1ECF79
                                    SHA1:6B41ED9C04A6FBD7089C2EC927716A34CF816D16
                                    SHA-256:1AB0DF0F28876E863335E6F578857A502B974558F32F81A492522C0845274120
                                    SHA-512:B59C5EF3B63B02E94A0FE660D46AD7CCBEF995C0F2E246F2D8C8E6A9B3E681E095ABB950BBF80B0D5BC409237E8B49E3FBDFE77606BDC29512C771317818B589
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1219
                                    Entropy (8bit):7.047979965080222
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ7y0n1XAC4DcFAiuY8C+ZkdWa7DUZve5Gi1pA7:XDFhhKYaV3J7y0n1wC4Diz8ChWYEvdiC
                                    MD5:F108CB3321E8D69AC514705F9EE1B42B
                                    SHA1:AEC96AE89586E050E6EABF17827805508E0559BA
                                    SHA-256:AED801D5A189781E635B491C50C02C73CC83142EA2D16D07B8226680DF0949BF
                                    SHA-512:DA0EB2B75C931CAD7000F3E5F58045803E12A630EFE2F3D912BEF18045135E52B7BA65EF280D5E6062D10CDE44F7AEF6ED0614B926AEC855ACD5C8AAE3071884
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1207
                                    Entropy (8bit):6.974625426212995
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ0BsKWS94zxNSJ1xLpxCN+VJ2LEz4B+b8sB:XDFhhKYaV3J0BswRKsB
                                    MD5:94D0A30D2D65BC28E9C9217A0DCE3EAE
                                    SHA1:70B1BFF8898989E16756235B229645D284218B7D
                                    SHA-256:1A4BB359861ED9E7A341503D757825E605719CD78E7E8F49CD5B2FEE2F9A96B4
                                    SHA-512:83AB20CC27E1AAC3984274607BA3B4512C2F6DBB42297E8297927A6B3E4A97115FC833179D01C84EAA47DF067267A871FF4E97CF09CAA403F361F30C534D04FB
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1229
                                    Entropy (8bit):7.008159423559416
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQi54dqmD8i39/62M0a/k0HqZVH1hkPIsbxZOR4hwdO5D:XDFhhKYaV3Ji547Dj/OH1Hs7BsbnW4hB
                                    MD5:2CFEE84DF482FE757E817509B95265BA
                                    SHA1:D94165D25E245B37A5328DA6CB132B6CBCDF0F83
                                    SHA-256:698E97684BD6A3C3271AF541A220C2362C544DD9F3A5A35E9921C0DE7BC52A14
                                    SHA-512:C6304EAA14B288460DD19F5CF43579E44D0F71F72BAAB572C95AEE30C7D5B3EB6F24AB636554BC00CDF82FEE6FA0752163133C0DFFA72F0484B8196C9B43D9D5
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1224
                                    Entropy (8bit):7.036895309229509
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ5bYTmfVHMhfgXwrPmT7sILokMbqbmEM:XDFhhKYaV3J5OmtHMhewrBuoLeJM
                                    MD5:56696D5323C99552A186A3DE50BA58A6
                                    SHA1:4C9DA538B799C1401EAC6F7798278505B8B5DE0C
                                    SHA-256:48F7D9D94B94545D02023CBD6AEC02D2D223D5604B7995ADCF8C1FC5AB640AE4
                                    SHA-512:A1B739DF3758C3712786B98417E11003F27FC592694099F27C4A0D656149FE77F655BDB1139F77CBA09169E4FFB651459EB56184A634BA8A83DD1529883B472E
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1229
                                    Entropy (8bit):7.0308769720323445
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQWC3YTmfVHMhfgXwrPmT7sILo92a9SRfddDZQJAXn:XDFhhKYaV3J2mtHMhewrBuotAfv6Jon
                                    MD5:20000295EFF9776E12F8CC95DADC43AE
                                    SHA1:421ED6E85D4289AAE2AD12A4B158A70EB3FDA8FE
                                    SHA-256:9EC888814C7F9DE97C9F2663E4494E22D5338FFB2B8F97E03F6A51196B9C680A
                                    SHA-512:07F42073A0B225AF4848E4049B385CF9443E86D32284D0BECB7165C970D1A7041C5E1B346F3D028A56874317E8A48D3218CE612430F14DFA14A5C93436903568
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1234
                                    Entropy (8bit):7.027650317682284
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQRFsVLntQhLWxGJO87xX6HlHkrp4/Lug/2uy3NKnuFLC:XDFhhKYaV3JRFQn0/J/oHpg4zj/xsRFC
                                    MD5:4343814345CBAE2F80D4830DA713F0C9
                                    SHA1:2567539C859D4636A9AA3EC24DF210F3F16EA48F
                                    SHA-256:7005BE4501F100D6AE9E2BA1F7E5A0AF6EF83DC02BBDD3EBBFEF1D901B30DACC
                                    SHA-512:D4AB44A64895EB94FAB417610AA1BADD4FD107480202097639F539F352A70D9D0519686D73F151296C522E3DF5537BE89BE77859D22B743CCB2966EE2781D479
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1213
                                    Entropy (8bit):6.989213091069038
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ2vqLwS94zxNSJ1xLpxCN+VJ2LEzPfqb9ilD:XDFhhKYaV3JTLBRKeDD
                                    MD5:8F1F4AD51E56AA011F1AE3ABE2DAAF80
                                    SHA1:F570AF4CB6AA987985A6858871FF0163CACAC1B4
                                    SHA-256:1B1184C97FB185EF0E3F65A999ACF8FA66751AB409639880611BD215DA507047
                                    SHA-512:FD5DB5C3C9BCE3D1F00291208B5B7FBEB8262AC22ED23CE0D50779820F3C10AFFF5BDFAE87A218AF30EB3530CFC14E3152B2A1608F99DD64FBBC637EC5210C32
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1218
                                    Entropy (8bit):7.020468766330052
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQM/J8CrkY9CwchdXaB0wypv7nzTHNI2IsZahtn:XDFhhKYaV3JMBjrkcCwEa+w+vzzTZun
                                    MD5:CE7918B26A94C1A3C98150FC95E97B1E
                                    SHA1:9AF311095262C05E66B9910E1EF88B85F2A84033
                                    SHA-256:410BFF7A452543CF8D956A870737A45660901F98A83FAA7D093E898C5FC3B597
                                    SHA-512:8BB77CFA721860332565C68A26D83A36A8260C9C0D563B9E8C887D7C42C907828C16EE1ACF2C3D08658D91660F773F48E91C81B2E468A9B3898D06FD7646A6F6
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1221
                                    Entropy (8bit):7.023805652502866
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQXSpc+YTmfVHMhfgXwrPmT7sILoO/HQMh6dE/:XDFhhKYaV3JCK5mtHMhewrBuoOPzhwE/
                                    MD5:08EA13D43C1998EBDA0935F6625F16F2
                                    SHA1:18013532939E722B42A15CC4515D4D82FE74B765
                                    SHA-256:5F360F3E1F3176E5CD86639C857787C892EC444BD5598539DEF00CCCF2903044
                                    SHA-512:AE8FC36B5FEE7A2B71666866FBBE740209A46F2B404BE4E6FE4150308B3A3F44077076F584286A5F24FA8A4C620CFBA29CAF8F96C31F7AC2D4340E530E078115
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1225
                                    Entropy (8bit):7.073636266606844
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQxCCElQo4eZyV9ZspJBafrXGSy7Qurzaf5cUDANI0haQ:XDFhhKYaV3JxCCBoTa2oxxcUUvkVrC
                                    MD5:0C302923EE5DB2E9D7CAC9001A211074
                                    SHA1:37BA0F9F4D332B8145D00A4EF4A6E3043BF518F4
                                    SHA-256:D5DD154681271C3C3341C2CF26D936C4494C1C04A9D1B740CC48769018EB9837
                                    SHA-512:2AAFF34EBE3CEC85FCBCABF445FB3334F83CAD425E87ABBE921B400017FBC3E74F95E889E6572965BE6077D19454429ABC1D95BA535F133B425DDC1834699BDE
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1238
                                    Entropy (8bit):6.996008495590778
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ03h1gQhLWxGJO87xX6HlHkrp4/Lug/2uy3Rtp6OVoaQ:XDFhhKYaV3JgF/J/oHpg4zj/xsR3tAuK
                                    MD5:2B83D82872922E143AAC96EDC82058D3
                                    SHA1:BA13025F8F1A1B9715F78A937A80A0889D2C1CCA
                                    SHA-256:7C93AC2907C598BF6020E0D5E6EEA6B676F835560D2DEA4CF50D698E8703A9D5
                                    SHA-512:04496F8BAD327970F99205FC91EC34D24AAF625AB074891D09E0E8B37B646033018465DC9F24D85981B247690DBAAA7E3314B4074BF327FB84849699F904E5C9
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1206
                                    Entropy (8bit):7.047902745747187
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQEZEXAC4DcFAiuY8C+ZkdWa7DUjWKZ86T:XDFhhKYaV3J0EwC4Diz8ChWYU8y
                                    MD5:8CE6EF2D0694853B5CB8D84164DF1603
                                    SHA1:32E93D2F19963A6D42A102B8C72EE1254EE82029
                                    SHA-256:27EE8B09D10E2D6B329E6F26A34A080701215D351FD054078629F6803FB5E850
                                    SHA-512:F5F5ACEE2CFBDBEC41034ECD2DCF662908E7FF55D29B4F33D1E5C260C338E6482381E214AC6F9487FD8AD48EA656E7A619D8DE479503D57F56BE969C75EECE07
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1230
                                    Entropy (8bit):6.999720220239841
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQc35LUL2S94zxNSJ1xLpxCN+VJ2LEzEPAtY4rk6/Tr0w:XDFhhKYaV3JtLXRKOdrkDg
                                    MD5:966C8E6E888FE5E0178B3A960882E85F
                                    SHA1:77B7FEAFDBBBAA50697A1EC8D21FDD2F0F1FD87E
                                    SHA-256:EE1F0345A9184A5319945D10E53185CC6E59666DD3729CDFD1ACE90ACD53FDBD
                                    SHA-512:9D01AB61EB5807E317DCED4714BAAF419BAF0D0CC65E9D61B2AFA46ECE912E237B62BD20D1A1A463B57F11A7F706520B973FE3B6E00965626FCB43E75CFD5E24
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1220
                                    Entropy (8bit):7.026901369031782
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQRhQO8i39/62M0a/k0HqZVH1hkPIsbxYSsWiEkQ:XDFhhKYaV3JRhQOj/OH1Hs7Bsb7riEkQ
                                    MD5:C0806EC9BC15B7CC90FE65E4BD41B2FD
                                    SHA1:D3B85849D4A13490397BE31C2551AB521618EBCC
                                    SHA-256:5D5FC12419FE9A83EA754CA81F461A961792F10FB7193B1CB73DF09A08921225
                                    SHA-512:71B6704D9A79A3CCBC5B37544D440595A51425FD688616BFA540AEFD54EEC58E8D3307A65232F147188D820C053C19D1C17F84C492AB09BDC229933F2F3432FF
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1197
                                    Entropy (8bit):7.043109543727044
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQsa5MPFxyV9ZspJBafrXGSy7Qurzaf5cUDda3sciE0Km:XDFhhKYaV3J7yFna2oxxcUDpciE05yw
                                    MD5:1A2CCC14AF4544B0796FDFA6A0CE013D
                                    SHA1:C95D8423F49E5736F8661DDCEEFFD34FEB2744CD
                                    SHA-256:E2263C31C3867931F15384BE5F7DD69CC140BA75EEA06D137D2FE945C3C32BA0
                                    SHA-512:364985BCEF23A1238D7469EEBBA395CECC707328C2220CA4B845E57204F906E74B4C1194100DBC2B377972ADF38CDF520FB9C191BC04667CAC26D9E8897D4373
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1219
                                    Entropy (8bit):7.017341822795235
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQFIZ2AGm9CwchdXaB0wypv7nzTvVdBY0T39x:XDFhhKYaV3JFIiWCwEa+w+vzzTvz
                                    MD5:49E1DD6E7B1A3BA0A1096D547754FCDD
                                    SHA1:827784A90D3B800CC274A837182871E7C063BBB8
                                    SHA-256:F61328EB5D4C80D29AFF0973E6F4D1265FE090D6A19BA49915BFCB0DCFAF00C4
                                    SHA-512:9A996975E6EAB2B97F6449EDEB03BBD08042BD36CE005E72CD46A490B4BF0640C5938214B265256B44857612888AE41BAD401EFB10BB11A039802A2168D568AE
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1211
                                    Entropy (8bit):7.013591552098438
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQA6iGm9CwchdXaB0wypv7nzTTGNrrh2F:XDFhhKYaV3JAyWCwEa+w+vzzTTwrt2F
                                    MD5:E6E1E22BBD6B4E6CEE8F7143286A426A
                                    SHA1:EA8DC97A1384922436CCA8C64681ABFECC2AD094
                                    SHA-256:DA22C1F0F143DFF5385EB26F5CA5653080406EE5D2AD546E44F0298648941D44
                                    SHA-512:FD353BEA65A0C9B5AE035301D65078A170AC0221164387F4DC985DA01A2036B4BBF4613E1811F35FAEAD837DBDC9E9AEBFAB6323FAC9A488524382837DC8FD98
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1225
                                    Entropy (8bit):7.017361319201589
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQYphFQNdi39/62M0a/k0HqZVH1hkPIsbxOM78G:XDFhhKYaV3JHNG/OH1Hs7BsbUA
                                    MD5:4B6898E4EA0D8CADB159456C8140C530
                                    SHA1:84CCE702D13456824A1761F77914204995A64B3B
                                    SHA-256:A7631BF43EDC080BC5D0E10AEF0F90380F5653270D6CE28EBA671E21D614630B
                                    SHA-512:5EA186633AB79E462CC04A5BB82849C8267F4D914463C82A6DC81E90A3DDCB9CDF502718CF977DA0867DD6595ED27F2A63D9A48ADB1930520F48CBDC4499F050
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1208
                                    Entropy (8bit):7.010422996703042
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQLg4Zx94zxNSJ1xLpxCN+VJ2LEzNgSIeqyC:XDFhhKYaV3JUiRKe8
                                    MD5:E0CA35A518782D52B2D6C18C71A13F07
                                    SHA1:425DFA9983D24448B15940C898A3546EAA901CA1
                                    SHA-256:BE8335A9C5B7540D7AAC9B275E42B927050314A14BCF4E36BBD511ED352718D3
                                    SHA-512:00426A226009D80B52F330CE14590CDD41BFCF8117AFD2E053824C1C8E48FBD7439E7D84DCA48862D0B0F18D2DBC0738D83FA616D1A9F9418C19A8EE7B9D1D3F
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1201
                                    Entropy (8bit):7.030437055710318
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ73qGm9CwchdXaB0wypv7nzfgtQbFG:XDFhhKYaV3J73FWCwEa+w+vzzqUG
                                    MD5:6C5A440F0EA2C40EF3041BD2FC88095C
                                    SHA1:48138023CBCCBFA67A6AA0DB14464A06A57F8EB0
                                    SHA-256:59542993ADF53E4D3C00C32E796839174042DDCCE3EA1D447DDE6D111B60A7C4
                                    SHA-512:8E90D8E39049CB9DF2A97EAE88DB0B76984228AB1531EAF072A54AB71D5FA2916FBE3DF08A89E4CE2287DA5102C30FFF45AFA7069D4A247F147E96F58BCCA93B
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1222
                                    Entropy (8bit):7.008871498267967
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQHjbh9hLWxGJO87xX6HlHkrp4/Lug/2uy3M0TWi:XDFhhKYaV3JHnhr/J/oHpg4zj/xs9
                                    MD5:D74D6354DDAFC5E529F54C5489A21A61
                                    SHA1:D2332A9643AC9FADBE70A5070023E43ABB95FE5C
                                    SHA-256:92494F4C6A40FEBE9DDD3153115290EEA3093CA8AEB93C71A120AD085746D54C
                                    SHA-512:4AD0ACC9BC7D8D5DBFEF1EE5E511B649FE1A8EA9A7A4E5B381BABC025C4EFA78EA59CF9B85A06A46AA31491FADEEA6397FB633F4F1C0C95560236FB41BB097BC
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1221
                                    Entropy (8bit):7.016457113078556
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQW+rwNdi39/62M0a/k0HqZVH1hkPIsbxPEbX3wWV:XDFhhKYaV3J90NG/OH1Hs7BsbiXXV
                                    MD5:154595480472E4D0548B4732712B5055
                                    SHA1:9ED70E29690CAB51603F317148FEB956B659AAA0
                                    SHA-256:DBECD3000D233888CDE3345B17270DDC6AAA0A558344D02B7B78ED3043ACBDA5
                                    SHA-512:7E1FE8A2F0F3984BB10EDBB73B515ED7B5AA5455271C80D45B4AA12B37999CBA53D4A0BEC7417D423968DD4F81F7AFF25EC99F7381CC9851304CA5101D319CD8
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1220
                                    Entropy (8bit):7.024172103554289
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ0DhQDMYTmfVHMhfgXwrPmT7sILootK5:XDFhhKYaV3JmhQDXmtHMhewrBuoku
                                    MD5:44DBE52B1E31D0E94C0B5A2E2619E713
                                    SHA1:1C30D79C29FDA2891E67F73D98BAE6F5377480E9
                                    SHA-256:04225E4E08C3B0D34125D66B7C16281C5437F8499E2964D105D5807D46966B68
                                    SHA-512:0FD679FE987B364DCD5B3180409755EA1BDD3316D53345BC21AB5B43992F09B1B8643976A8B902D97067E225B73DDB63CE52A41D1C563575A0934C876BE7A729
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1219
                                    Entropy (8bit):6.987333026750008
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQsYjxK94zxNSJ1xLpxCN+VJ2LEzsnUQib15:XDFhhKYaV3JZjCRK3UQY5
                                    MD5:565DFBF049FEADF7E7D9270C660E6AE7
                                    SHA1:1F1FBB38BEC3C99280D20AC66AF4CDD6B29C310A
                                    SHA-256:15FAD1D23AB70A3B4D3EB0B41EAC13F9E07D52BB479B523B378AEB76629B03BD
                                    SHA-512:1DFC04C8ECE849C203585A3A0DCC27D57C7D420DFFE25BECD3ECECB312671ECDC291DFEEB1E44BAC935A8148D2DD64E6007E5EA3871434DBF27C56546D9E60A2
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1213
                                    Entropy (8bit):7.055537811160559
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQscfpYQPfXAC4DcFAiuY8C+ZkdWa7DUlpIJTmgF:XDFhhKYaV3J13wC4Diz8ChWYupIj
                                    MD5:121921050E87BDBFFA08AC7DDB841B34
                                    SHA1:FDFB8CBB603A630F74A265F5E97B172A70A8D1A1
                                    SHA-256:1B14D3C173CAF26B5C37489E330295EA458F090B1F73CB931BFDCCEBE8D56AA9
                                    SHA-512:96746C0BBDA856DDF119F15E9F8D8F1B305D5A98066A0807E63105A6279CF933E5A30817610B3FC108F5DCA7CD048E1119C8AEBA602FD1E3B038CCBFC4C6DE0D
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1209
                                    Entropy (8bit):7.080835062953505
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQFlAIrkyV9ZspJBafrXGSy7Qurzaf5cU9q9u4ND+M9vQ:XDFhhKYaV3JF1rYa2oxxcUF4ND9I
                                    MD5:04249129398F5CDF6F0651B5E2CA35AA
                                    SHA1:B3A2AF6A854CD2149A61DB3502776D7994EDDDCB
                                    SHA-256:39753F88754FD0FDCCF8CD91992CA83F7C7704A47CCF03540550B0BD83B3A30E
                                    SHA-512:1E77AC78879B6CD499021C28E0B6A902742CE7053E3AD315CCDA8F4856D3D27D146B2AE592EE9140CCCD6EFFB7AD67BD7EE1C8A068F71989791AFC72ACEFE1F0
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1200
                                    Entropy (8bit):7.020170365448833
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQkxK1Z9hLWxGJO87xX6HlHkrp4/Lug/2uy3oTETL:XDFhhKYaV3JkQZr/J/oHpg4zj/xsRTL
                                    MD5:1F4F8419EA35638B9BC6BC1C8306CA18
                                    SHA1:B5CCC0DEF3FF11E80C6CBC014A878AAB5DFA9800
                                    SHA-256:178D2EFAB691A000E2FE9F29F665F614C00618F36358F0AA22CF313001257706
                                    SHA-512:23442ED44C2822AFF88DFAE2EE6B59B62C1DC921DECF0AED5B0CE975720CDBBD8342058C3A7F3A604D3A39FF33C58BAB9604FECF390350D0298804F56B8BF878
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1212
                                    Entropy (8bit):7.006768827068809
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQdPDfGm9CwchdXaB0wypv7nzT6fWZL5:XDFhhKYaV3JsWCwEa+w+vzzT1
                                    MD5:3DF6B5C728829A957A5579666B5D4761
                                    SHA1:6D8D1EEAC45E20985BE8729D5439D00774246D48
                                    SHA-256:46833E6D524AECBD6ED5A308B2FAEDF555452800C9732369FCF17FF89D913BE5
                                    SHA-512:11305163866217500DA4E11B54246CC4FA57A183B826DDC934CE70627DF23EE49F885988D3972593E172C954EC1FDC5B8ED348A34621A5BBC4BCFE625FEE8BD4
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1215
                                    Entropy (8bit):7.008901726287558
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQgAf2shjZCcHNmuS39kxzHc8UYtDEyQ+WMg7Tq+u:XDFhhKYaV3JZuCCsm8y8rZEYVMu
                                    MD5:8BD0DDF5D10CFF8BA315C9155B02935D
                                    SHA1:3E64FC69259A5BEBB04841C753CE244E5570A350
                                    SHA-256:6A8EAFC2C541A17CB759CF219B68546762A5BF6160FEB25E98707AA022090AA2
                                    SHA-512:F8CBD16DE284A8603182EF5E5F57990C168EE80075ABDDF67DF8D9E08BC1735EF7967462A025BA9F9FB065457B3714542C9F8A526DCCA89605724280086A2AB6
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1220
                                    Entropy (8bit):7.031774668281339
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQMj9hLWxGJO87xX6HlHkrp4/Lug/2uy3Ig0pf2p:XDFhhKYaV3JKr/J/oHpg4zj/xsQ2p
                                    MD5:804D0050771AA11B2A7A9ED0175C2CED
                                    SHA1:52D73902095966A9C6C0215323F9652F280A0E56
                                    SHA-256:0B3F1A9707AF34274B0A84525B3E14C0A76B92AF7373B3DE70248DE077F88CE4
                                    SHA-512:29EDDEDFC472356877BC37C1DBB6B71CE39C0EC3176C604C1AA5CE35B17A38B300530F531887E39A1E21CB4A54811C287A478A92313F73E49A69AA8855CECF0D
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1218
                                    Entropy (8bit):7.042738337428058
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQvOeGm9CwchdXaB0wypv7nzTGnIeb9BM2n:XDFhhKYaV3JvuWCwEa+w+vzzTiM2n
                                    MD5:5A725AFCC6F6CA825170D4CBAAED892E
                                    SHA1:3B6EB646C8C7AACC39D6931C4CFED985F9742920
                                    SHA-256:5DEC77E3C3B9148D712F7A692C3E81E121D9B6DCDB33684622D5E3D9F5ACB382
                                    SHA-512:A7098A9D37C5C23CDDC6657C968B43531F55B6C4A0E44DEBECF6E312E2C04E693B494686E5F474BBD773E523AE85968C557EB574BE3AF2D117516C653FBC0838
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1218
                                    Entropy (8bit):7.047679400601578
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQjOp9hLWxGJO87xX6HlHkrp4/Lug/2uy3IgM13y:XDFhhKYaV3JjOpr/J/oHpg4zj/xsEpy
                                    MD5:43DD9B9D3D0E4E0C2110C85A19398726
                                    SHA1:C900FB906423D4437B77FD3F44BF5C77394F883C
                                    SHA-256:4E87244BFB8639F893D17AD7F128284F969BD42441268F067D90CE2EA5533D93
                                    SHA-512:7B0FFFBB0523861914CB883DDCD15405FBAB46932E41070ECC4E728E04ACE8F37F5855E96B4325C3911536E11A55D8D3BFA8188CB8D9F8A67F934E8EAF03AC8A
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1217
                                    Entropy (8bit):7.0416350647739225
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQq2q7kyV9ZspJBafrXGSy7Qurzaf5cU2BmwSF+:XDFhhKYaV3Jq2qka2oxxcU2Ee
                                    MD5:8B233DFD861BDA35E267AD8467B1A9AE
                                    SHA1:AEA583EF7DB7711C2021BF0BEDA7D6B2F5FE23F5
                                    SHA-256:3D0611F66FD82A99A42CB6273654CA7B638D7E08500202698360BC8F0B24BDB2
                                    SHA-512:CF1DEF9B85E5C37BEADA21A9AF14AF323213E0925A11A2E1B397646C1802EDF64E80E9AFAC22E38D6D0E3BD62DCD7DA1AC83E035517C1EEE84B8C43BBC718E5B
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1228
                                    Entropy (8bit):7.019702983811634
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ6rjyAf2shjZCcHNmuS39kxzHc8UYtDEygKKMg7T38tn:XDFhhKYaV3J4PuCCsm8y8rZEmpj
                                    MD5:E00E6152427222DF089CF1F7262CE13E
                                    SHA1:33DE05C8C0E516655B97362FC7A399E1A520C596
                                    SHA-256:5B4DFA72C0E3A3B56779B631ED9DEB9563D2C5B176138C26E82B0264ED52B15F
                                    SHA-512:0D3B168A839E3CAEF12F19C06FE600F7B6CCA2EC1C8FF6597F8ECB009C6AA6FD5A1BD0FEE7E0E931E8B404D7CD456DBB363D2C046A98C0CA368F112BC2C7104A
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1228
                                    Entropy (8bit):7.0085770196699055
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQdnsE94zxNSJ1xLpxCN+VJ2LEzLO3s8Zgl:XDFhhKYaV3J+SRKOO88O
                                    MD5:509E9B0051463F4E7D3420BC148D0E4F
                                    SHA1:061DFEF141BF1EC242FA080E05E0217BDF9777B6
                                    SHA-256:1B822E6C77C78294E32C0F6FB631B7E5DA2EE41B05DED3B6BFA2FF7C539C2358
                                    SHA-512:8C0B568599542F2AD8F955273A9851A87F208A9ED33C77B865CF085A86EA1CB120D1D43D23D27D13164DFF01A3A074621EBEC24112B1F6B97820E5FB2A3D0475
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1230
                                    Entropy (8bit):7.03674068009553
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQsE7b1VAf2shjZCcHNmuS39kxzHc8UYtDEy4jSn+3TK5:XDFhhKYaV3JFYuCCsm8y8rZE6n+i
                                    MD5:F323B4AC6AEC1A27D276C1A665A97758
                                    SHA1:9EEA6ABFC60755C16BDB7BC8C06EF1D5FCDA8E99
                                    SHA-256:0BC18B1112CB4BC59E5E9765E1AB871BABA575089E8DCECC5ACC037099606B46
                                    SHA-512:154D87020A2F71ECA3ACCBB59037119E39783B380EF4EEAD926ED90BD2D1A89D1FEB87E2C9DFCC721F9DA14745E94E0D6AC9D32F4F2E4361BE625B9ECBD8997F
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1208
                                    Entropy (8bit):7.0183747849568725
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQPufjYnAf2shjZCcHNmuS39kxzHc8UYtDEyoB52i+Bbv:XDFhhKYaV3JPufjLuCCsm8y8rZEN+tv
                                    MD5:38968E8F1216666C56C1635437440DF1
                                    SHA1:8A0FC0818E1CA0BA21C65D75336566034F8ADFCE
                                    SHA-256:5AB78037416D89F15B7EB5715956836F18809DDCF2E99C716CA8F968D6673C0E
                                    SHA-512:E352C944EF201FBAD9B8E3C3469F558916737D3298C06BE979BE5D271F541B48A0C34B8C59FF52E5460837B3D36C900AB51B0D44F071400BB17A332F39AA38F6
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1223
                                    Entropy (8bit):7.036797337800945
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQsSMEg8XAC4DcFAiuY8C+ZkdWa7DUglm4ASZ7Tx:XDFhhKYaV3Jlpg8wC4Diz8ChWYnU3wx
                                    MD5:2B349643E2828BD69C199617C1354133
                                    SHA1:F7F08B17A79D34AA83A6AF56F7AB28B2C8C2A894
                                    SHA-256:FAE38ABD906032B6318E21FECA288665A4EC1F5DCD77F7E3FC1B1C52EFFE5C50
                                    SHA-512:721F13EE147FE2508F567B61B84DEDD4720264DF097067135028BD4B09B79E2A25B9B31E9A15203BFC7DD90C5DCA0C8DA056082DC256F8873243C355E600C44B
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1232
                                    Entropy (8bit):7.013048056200911
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQathXAC4DcFAiuY8C+ZkdWa7DUc3X53/:XDFhhKYaV3Ja7wC4Diz8ChWY3Z3/
                                    MD5:E205618A2547296A08A40C545FEFC2D0
                                    SHA1:BE296CB3FADFBEA4F4EB1AFFC70EA108A17C8A42
                                    SHA-256:2E8E0310A6E26EE89449011B1974346EDC6040AEA1D1DE51E92142748ABF2182
                                    SHA-512:E19B91D3D013D417460AFFF738E10478366C182A25FBF6CA89579CAF0220ECC189DA4BB3F156152A02293340C69C8B4A7BFDA9E804C9C92C931CC17FABA9E543
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1217
                                    Entropy (8bit):7.041666367466282
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ4OQcXAC4DcFAiuY8C+ZkdWa7DUkDS0AGbh:XDFhhKYaV3JhBwC4Diz8ChWYjN7
                                    MD5:53E5039C6353B2F24E4B267594EBE995
                                    SHA1:9CEC1B2A10FAA78587ED7FE5136BAA56DB087C30
                                    SHA-256:367E7C3F604D0A3DCEEFCAB68450C6896F821539B3B08D73DEE378E88DAFFBB8
                                    SHA-512:D290A896D7AF25320F481729B3D093E4BBE76786E2AA6E716C15ED5BA53A1D2F2588F225C439C518F2B27F93F7BBD63475316D163C3F19211DFD1D0674FE5074
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1235
                                    Entropy (8bit):7.004421182050562
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQRYQwWAf2shjZCcHNmuS39kxzHc8UYtDEyD3aOQ:XDFhhKYaV3JRfwLuCCsm8y8rZE+KN
                                    MD5:31CBF570912630757DD8BDB1955A4545
                                    SHA1:12B4EB3364287B6C054DB1E60E7DB29C7900DF4A
                                    SHA-256:67EAB9DC97875D0AA86E924A5DF4829419751E9F991C44447CD7810C276FCE36
                                    SHA-512:BB3978623CC7EAF8D0389F7BFB875D3C24EC48C2EDF6BDD744D49D5390AE2F39F2BAC7301DA64B40AA12372978CBC9EFD7D64D03D3184B24D21CCB67A7895D61
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1222
                                    Entropy (8bit):7.01192942282126
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQWJiWhC94zxNSJ1xLpxCN+VJ2LEzIdXxk:XDFhhKYaV3JoiewRK2
                                    MD5:34A18686FE0D5609119A3681DDCFF99F
                                    SHA1:5EF90B16C8398DC40D63C9B53336CCB543B5DA70
                                    SHA-256:390537D51E5E4E7933BE02EE309ED0F83DEACF041575436F99F15DC081A8D1AB
                                    SHA-512:E2A54180649C1681EDF650C5BB129051777D7B5B552A78EA4F9BEB2E7B45E3F52E72FCF663F01DDFF0186668A3E8EDA5EC61DBE882A75D9A5BF36EAF8EB1B25C
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1229
                                    Entropy (8bit):7.039365525625109
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQDgjeYTmfVHMhfgXwrPmT7sILofALD0TL:XDFhhKYaV3J8dmtHMhewrBuofCgL
                                    MD5:5E893CB779B0BA5BB9ACE0E4FEA14B3B
                                    SHA1:8105E9F3563461D4CEAF6059518CCA4A18B3E1D8
                                    SHA-256:11DD42C2ABFDEC59ED368C8EB6835FDBF115CC91F207FCC4A73CC39779A0A0AC
                                    SHA-512:877F711CFF765CB6E0C2B09A7EC5D74B63A0F64B7C7F441D3A3E00B8A8FF1167893CA940B2802A5652FB46013C484917F4B9C08587B7BDB39D336D1D3E022192
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1219
                                    Entropy (8bit):7.033297722483793
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQZboM6XAC4DcFAiuY8C+ZkdWa7DUKkzT2IF:XDFhhKYaV3JZ8M6wC4Diz8ChWYkzT2E
                                    MD5:A0BC89D271997D9DBD00F88DC264BBF3
                                    SHA1:0118F90DBA0D252537E865F32B3186F30422C3F5
                                    SHA-256:F7B79C279B35D806B1B07A7EBF50CD89E0DDB8E4798C35DFE6DF009A3513CF90
                                    SHA-512:49DBF1B736BE969C9D53E0E074C1D24D304057F2DE98A5585F77D6813C75E7B3CC9F163C0CFE9BD8D4F753A3DB832AFC2897541D9A01718BC1334D94050E3A3E
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1221
                                    Entropy (8bit):7.037839614280827
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQTsrbwXAC4DcFAiuY8C+ZkdWa7DUL5KLCNtbqChWz:XDFhhKYaV3JTXwC4Diz8ChWY498Ccz
                                    MD5:11EDC853E373E6397C2B16D9D6008800
                                    SHA1:8754B95FA117F0291C7795F75454E4895C09C48A
                                    SHA-256:546D0C993E86D95BB06FEC862186B784FF234553B82833D4D2C82671198A7747
                                    SHA-512:180612C23D8096B840D2BDA2DE800DF7AB1DFB4C174EAD440609CF2965D3DF239C0C232E927EFCF31D3E88B5E5194E5D108E261DB5143FB76265B6A5E8E80CA8
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1220
                                    Entropy (8bit):7.054181079569776
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQSBXAC4DcFAiuY8C+ZkdWa7DUIUNohkb2CP/:XDFhhKYaV3JSBwC4Diz8ChWYdDhKX
                                    MD5:3C307819CBF360F6F918AC60C06303E9
                                    SHA1:41FC0D7D7E56DE866E92767A9D0A97E1E8395FEF
                                    SHA-256:E04162C9331CAB558A567F9594E4D3EF1CC0E11C28B5D8785F7B28C5E13AA7BF
                                    SHA-512:2645759448117D6620C5D190C35C0F1ADE8D1D71B9EE270464B3C2A7BF5B87953F2AF3B3FC4B7FC3733BACF8CE31C27DCF77F2D5BEF84C6544B2EAFB2F338B44
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1220
                                    Entropy (8bit):7.008447495242746
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ3PIEZGm9CwchdXaB0wypv7nzTg60dwG3a66:XDFhhKYaV3JkWCwEa+w+vzzTgT13D6
                                    MD5:9B1424FA03759AE1C27875CC1E9A13DC
                                    SHA1:82ECD2FB20A6A7CACD59163B934AB3A1BDF611E7
                                    SHA-256:DBC4E346FDCEDAF424F24424E53C836DB12A5F11B3750599DBCCC2E6F4DC30C9
                                    SHA-512:B6F16B238670D2FF6C429ADDC4C7AAA5789E2F5088B0D95CD08E21D4444E93052830695112BE612462EF5B9F4A73EDE899567E8D85A7C4C6E2E15C2761C67D7C
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1221
                                    Entropy (8bit):7.0203458707638
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQduRdi4DGYTmfVHMhfgXwrPmT7sILomava4NDX0fJ9to:XDFhhKYaV3JcDi4DhmtHMhewrBuo5a4n
                                    MD5:6156FC9124385F2DECB1D21D3D1BA571
                                    SHA1:A678910184E4C09415B991EA920AF49056B4033F
                                    SHA-256:AA1BBB1782253BD39D593409DA96A68DC3E5406FD359710F6025321E21781C50
                                    SHA-512:2C8F27AF5C49CA9451A01FB53C7CDC9160B978ED8D378236DE0E6963815F46FD590FBA293B739981E6F370093525C0C3F06790CA8DE65CF2F14AD41D151FED44
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1228
                                    Entropy (8bit):7.035800738125786
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQswC4XAC4DcFAiuY8C+ZkdWa7DUXKv4:XDFhhKYaV3JdC4wC4Diz8ChWYcg4
                                    MD5:10D157FBAE9789F6B901D91ECB50877F
                                    SHA1:C1CD97D438AD4AEC1BBDEA7FAE286401B79177FE
                                    SHA-256:6B20D07692470167B163FED96E19A167593429A65A1CC8321851916838010B3E
                                    SHA-512:A171A1852B2A4F30146D33667A50D3EA1C092D21D846816E81B8A5BB165C6E7DC77B492EEE517C0A4B983924D515D8BDA63530F8BBAD56B1E490AD03D6E7B1C8
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1204
                                    Entropy (8bit):7.014372556566936
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQOBchBk69hLWxGJO87xX6HlHkrp4/Lug/2uy3JI3tmls:XDFhhKYaV3JOBW9r/J/oHpg4zj/xsJBe
                                    MD5:AA9BDB420DD1C440B042BDA5D43A7FDB
                                    SHA1:3264059541F03EFFE2FE9ADC5E5EE8E5D3D97EDF
                                    SHA-256:FF308D590F4A64453A0733D6C319EAEAA5BD86DFE980159CA81853C5291FCFDC
                                    SHA-512:01D5596240610D6ECF59363F748A81186197C10DA62CA7705965E030BD01857D7C9E6EEC546E42F2F5F72606015797B9DF466CAB60BA74A9F0BCD02A471C677E
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1222
                                    Entropy (8bit):6.974065039917839
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQkm94zxNSJ1xLpxCN+VJ2LEzwkKvP/LG:XDFhhKYaV3JkMRKTnLG
                                    MD5:6864522352B84AA2184929BB47F805AB
                                    SHA1:FBBE9958B2A7BEDA10B05A36D4722F06D8606CDE
                                    SHA-256:8878412AD23BA9439A6A21EC5F65E3A97C13DF9CDA4833DC26F7282A56B0F1B4
                                    SHA-512:40C76503022F7B642E07F932DFC3F9B002982834AC623FD9B11C84E7CC76D8A8D6B8A6321CF7C660E88ABF41AA4A12B319E2337CCE58C9D0958A93C3A6770201
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1222
                                    Entropy (8bit):7.020811875261606
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQThAf2shjZCcHNmuS39kxzHc8UYtDEySunUYH:XDFhhKYaV3JKuCCsm8y8rZEY
                                    MD5:97EC55463EBA5C003C924F784A28EA3D
                                    SHA1:4BFECFC2EB5FD13363BC146391C14090D7C99B0A
                                    SHA-256:20919E9566D8B7CF8873673FC7D08943DEF136771583D9E6EF0C16EE314002D5
                                    SHA-512:479D69ADF9DD2BD6D8A056EAB09635303A4AB357384B9C5F903F6A9C90516D7F5A80738A5243CE28A880FFFC4A6A9131F7953D23DCF33C6F4B5FB8052EE06E56
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1241
                                    Entropy (8bit):7.016364951608323
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQi+Ccxl94zxNSJ1xLpxCN+VJ2LEz1h14u/0TWPO:XDFhhKYaV3JTCcxjRK84uTO
                                    MD5:004D716C4FD12A1890A1EE7ACD6CFCE9
                                    SHA1:46756898C1EBD707A617FA5208522355C90A1B8E
                                    SHA-256:05082667C69CF99DD43085016A0CFAF94B7C28FA578A1072E5727D87142C62E4
                                    SHA-512:B1C78ECCE61BAD6342C174A541F63AE6999A46D2293E68901C0E9FF2578EDF7E00F390A88C5E4372703E33BD6D671FEC857157A6C16CC83D9C7D392584E706CC
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1242
                                    Entropy (8bit):6.971942323811799
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQIW+59hLWxGJO87xX6HlHkrp4/Lug/2uy3uOV68jGBRX:XDFhhKYaV3JIrr/J/oHpg4zj/xs/yXX
                                    MD5:EE77415E7A588919738606A65AFACEC8
                                    SHA1:FA8B6C3E1AC8B3FBE7E383C00C6F05F9E867760A
                                    SHA-256:0DD5761D1A383750B1ED75BCA67A3B262F44D8C787B00CDC49CE77CD624D0351
                                    SHA-512:CFAAF2993699FBF65C62C5A9290CF5A88DC5699DA2B0DD80AD6EFD1D062DFBFD119C6038E6734DA827287CDB11F2F8903F7ADC3F2AFD2F0D3103A4675EB601A8
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1231
                                    Entropy (8bit):6.993227356740179
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQdFh0SNKXNdi39/62M0a/k0HqZVH1hkPIsbx2wNcG5:XDFhhKYaV3JZ0SN2NG/OH1Hs7Bsb8e
                                    MD5:EFCE96749AA476463F807E4E3F50F286
                                    SHA1:3B1B18FED330266EFBDEAED9694FD0513740B7B3
                                    SHA-256:55D1E64A808504BB62775381C9C534CC9A4F31E6121EE69C4F4B86CA39AFB0B2
                                    SHA-512:FBDFA5E5D32D3FF1143958D961623DF76B739E96C37333A114F1DBE7C8E79E3C8AB69FCD9F8F67A3B8FCCBB395FDB7C1C227937CDD7D1ED171AE31F3E93A76F7
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1229
                                    Entropy (8bit):7.044247273462979
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQsahCMt3yV9ZspJBafrXGSy7Qurzaf5cU3x4NDX0fJ9T:XDFhhKYaV3J7hJa2oxxcU3x4NDX0xAAB
                                    MD5:7EBA1B1AB83D4134FFA21747F312B40C
                                    SHA1:7E441AACE80435077A1C478700F6377FEE7DDB1F
                                    SHA-256:5B03A9500642D0F1DDEF25A926F9499867A6C4AE22EC6001BAD572ADBE0424B0
                                    SHA-512:3EC616A4733D6A3770460FE3D548C3EA0B5793A0F6CCA8298668073F199B8B868D02BDF85B6D6032A30C300D3FAEBE16738A01A8976E2DCD22A857FD36FF0CFD
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1225
                                    Entropy (8bit):7.035246413906201
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQDE1pXAC4DcFAiuY8C+ZkdWa7DUxN8ltswCvGg:XDFhhKYaV3JQ1pwC4Diz8ChWY5ltUeg
                                    MD5:03B43C8A36F85833B4A5FFED2420FA68
                                    SHA1:F9C1F6EC9E254012774FA447F197C63D4654E4B8
                                    SHA-256:0F745BCAE8CD1161EEB40DFAD0E8D3620FB82A4673B801B6D4E141438CA60202
                                    SHA-512:76D4311918B40AF42EE28A59AB46242DE8BAD28F7516F2550F348D626D36413A8C4A57858558B06631144BFD8B8EC99AF006BFA0A2FE2CAFD9864D88EC171DDC
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1219
                                    Entropy (8bit):7.0068193929063005
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQsazKXNdi39/62M0a/k0HqZVH1hkPIsbxd+MTVQRf:XDFhhKYaV3J7z2NG/OH1Hs7BsbDT6Rf
                                    MD5:3CBFAC748956787720746FAC2A29E5C2
                                    SHA1:9B0B2FF9C259CA50DBD441BD96EDC7BC5D4851A1
                                    SHA-256:1E09217DC68DE9C4AE290770617F23ADD73A11DCF2B4921CE1F8461E63D6293F
                                    SHA-512:F12734EFF6A19DB345B715B3B14C3E92074CBB5EF52DA2B7EC584B70DC53F814EA095B77088511432C732D0794FFBC6681A23C93ABBDB099A47DC576C796A548
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1223
                                    Entropy (8bit):7.016072158412713
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQfylQXAC4DcFAiuY8C+ZkdWa7DUTraK5z8rh:XDFhhKYaV3JaQwC4Diz8ChWYar7w
                                    MD5:512E951BFF363EDB0A9CE462B3DFE9A8
                                    SHA1:30712E913AE6D58C3CC2B3EFBC1D4209F5E0D587
                                    SHA-256:728347C4DED546D15EB310D83D5F7B4326E6DE31F69A9761F8E954B93036A77B
                                    SHA-512:8B071AD60F32FBCADE269FDA50974549EF396965D7F6E51579DA3D26A0F63CC0D1CAEF7A92A76830B099CC416E7B0B2FE91CC247066EBCF5A3C1B7E8207C5966
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1238
                                    Entropy (8bit):7.045486741521697
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQN5yOOyV9ZspJBafrXGSy7Qurzaf5cULKKX3GbZ/7y:XDFhhKYaV3JN5Sa2oxxcU+VBW
                                    MD5:199ACF7F438BC29F494F8598B028DD8D
                                    SHA1:31AF56F9EA973A40CF4DF1C2FFF100421DBBC28F
                                    SHA-256:0318AD2F8F5700760326F99AE55B80BBDFB139EBACEA9F131202A2D1745B5B00
                                    SHA-512:A8E22427138BE8904B33B633438CB46E3BAD59A2D3D1136657FF878B4E7F95A1E5D2D322522A0439225D9A558CC8C12FE1CBBB306B6AB9EA42F3D0869C531024
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1240
                                    Entropy (8bit):7.00320836919528
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQRA6Bj9hLWxGJO87xX6HlHkrp4/Lug/2uy3aGebj:XDFhhKYaV3JRAqr/J/oHpg4zj/xsaG0
                                    MD5:BE7ECD875AA652A21662316849D7BF1E
                                    SHA1:19E3BB077E4B852493AAB5FCAF33B55CEC0FBD10
                                    SHA-256:E0365D991039E8BB3713BEF096EA3B9BF5DF58662F6BD3CA218AF26F8FF6CD6E
                                    SHA-512:8F36BB88E6CD27BD7BF132B2219DDEEE6F07EDF2FC4DF022368C85E3A9398D6AB110C414FCC476DEC0D07A846C04D33F031D49E36A03B7007807AF0C58AFC0B3
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1243
                                    Entropy (8bit):7.006556321833924
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ0VficXAC4DcFAiuY8C+ZkdWa7DU0Z1Jf42xY:XDFhhKYaV3J0VPwC4Diz8ChWYrf3O
                                    MD5:02B86EA84642D4C39F3DE862D1D6C117
                                    SHA1:F040ACD40DD8C5C59EBAA9B8CC56A347A70555EF
                                    SHA-256:5B23A058DE18FAB6291F12F7D7E1D1A889EB2396ECE6A73DC3008601D85724A8
                                    SHA-512:142515737CDE3C3334867F5325CE0400EA419806EE8B3975F197E32EF527A2CF95CB1C2F833D5FFDD7D074613A0747FA290DA6A6DFA2BD78DF598F4B9D6A5599
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1234
                                    Entropy (8bit):7.029003918100463
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQabGm9CwchdXaB0wypv7nzTij9f25Mh:XDFhhKYaV3JaKWCwEa+w+vzzTiGa
                                    MD5:3ACD8DE33F6BD43686B179D237419EC2
                                    SHA1:A0717C9896A1CF2A10B497227B2077772E67777F
                                    SHA-256:480CC52EEAA883F253E016608D139D11916BB5E8B5D627C067E6D32C2AC5E39C
                                    SHA-512:C1E21A3B19FBC9FC875BBDE21DE6D7174A9C9D04682EF7B710F2D7C5F7D7E8B8CE7EF795CD63A6D6FD8AB6AFCDA845C1B92CFADCA490EBCB935C9190430092C8
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1214
                                    Entropy (8bit):7.016327246696451
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQETN499hLWxGJO87xX6HlHkrp4/Lug/2uy3mMrs+LWiu:XDFhhKYaV3Jsgr/J/oHpg4zj/xsjyAi
                                    MD5:4C99E3F873D9E0FC3175434A5B26913F
                                    SHA1:AF958F0E29488D6CB040F682CCF26853547CF663
                                    SHA-256:D74E00A4ED88EDE0BF0CD588E2E29242292EBCD6C694220B83278454B5611C77
                                    SHA-512:A1A2C4759976196404A401989C8977F12C61DBB02B9D12ABF10EA0590763DBE0539EE0182714EC463A0BCE0827DF2BC66910B853910B578E2A4E04E346F49297
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1231
                                    Entropy (8bit):7.021414507810919
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQE2iAf2shjZCcHNmuS39kxzHc8UYtDEySRnqPc8:XDFhhKYaV3J9uCCsm8y8rZENAr
                                    MD5:15CFF2511E4906C214BE35FF2C860BFD
                                    SHA1:79E6E82848B3CFB8056AC8014CDCEF9581ED5F05
                                    SHA-256:114124FA82AA8C161B373D65A7B2FBDAE3B524222331B399B9A15438352885DD
                                    SHA-512:53D930B685ED73392972406C993AB7A5A5275F42653BEEB83E912ED817591379818820F4E4F0227A81C3828DEF53C0F96C01CCCD0965850B4375EDFE5611AC8D
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1230
                                    Entropy (8bit):7.0094442036389
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQJyIEsZ2Ndi39/62M0a/k0HqZVH1hkPIsbx63c4HcBZ8:XDFhhKYaV3JEHPNG/OH1Hs7BsbM+0
                                    MD5:A39F39980D0B1B369425D6BB02819B4E
                                    SHA1:7DB550FE3CAC6AC6D6C3BE57FC0FF81563F09F7D
                                    SHA-256:772186350B1C823481D331E1DD3EF33387FDCC1AC03686CDC5CF5066A8F55157
                                    SHA-512:4963D2DF0584DA1FD98443B3482FF4668DFFFF117F2256046FE51ED49961B983D1FD68AD23EF3C8A985FD1BF930DF87BBA1C33327D0918C13EB9B06D620386D8
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1217
                                    Entropy (8bit):7.0121304543655585
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQc9JKJaw2Ndi39/62M0a/k0HqZVH1hkPIsbx63CHdvfw:XDFhhKYaV3JIJKE/NG/OH1Hs7BsbM6v4
                                    MD5:7FD4805376528DDF1979D8624CE58FC0
                                    SHA1:EB6D85F820D5A5AAC54F85D783A2785AA20B2748
                                    SHA-256:52D9CC366E63D2695804FD9D5874FD37F8E02BE7723E28431C350D40048A1942
                                    SHA-512:1E58A2D4304B907D96BE92A1694411527925FB0580DEAE60DCCFCE31DC0CD312D59DCA0C4D45229F0D3B417C5215C620E0022A3707CD5D8F4BD5640D20B41638
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1229
                                    Entropy (8bit):7.013179868616311
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQhGm9CwchdXaB0wypv7nzTqF2FAN36/:XDFhhKYaV3JYWCwEa+w+vzzTVqNK/
                                    MD5:48CF4E3472AE05B399778BB360312C2E
                                    SHA1:4CAAD981D413E371C027FD1C8D319F5BDB65935A
                                    SHA-256:6C196F6349E903D61726B6FB54C3AFC0C5CF58C9D07CA51E102BDC1E8187BF3C
                                    SHA-512:E034D3BEB6AE22540335A2D383D4D31314CEC5FD9A6A345D613EED8E04ADA6378278E115A966465B1725B0CFCE17880DA18638C88C7EE4967FCCB3AE229C2B12
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1235
                                    Entropy (8bit):7.010482989044797
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQAp+hN9hLWxGJO87xX6HlHkrp4/Lug/2uy3jEL+hC:XDFhhKYaV3Jt3r/J/oHpg4zj/xsja
                                    MD5:86BC8BAAFEC9D312EC6AC71044C0681E
                                    SHA1:79C48A7783BA3A855E69C1814BAE61F648EFC2DF
                                    SHA-256:A5DC9F3A98B2E0FAAC83011D732706EAB9B4234D11C7D5344762EAAFCE9AFDCA
                                    SHA-512:E70015C7271981BB13464EB34711494F30B319F4238CFEDF5AE03CC5A9505A22BBF14677E4F32A3A275A4CC7CECD381D71F95797CAD4B9F6A1B954791B07D681
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1218
                                    Entropy (8bit):7.022642738635626
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ7PJhXAC4DcFAiuY8C+ZkdWa7DU5N/0ZSqbq:XDFhhKYaV3J7PTwC4Diz8ChWYs3J
                                    MD5:F57C2BF04222005E778217630A47D5AE
                                    SHA1:D03F718861F631CDDB640224903356A4F4745EC3
                                    SHA-256:3DD0ED20A916F8008DD68363E9C86340AD67FF0525A9BF796AFFBEB6D4A03690
                                    SHA-512:6F41490C6D80E154816735358E0472FF33F131015F4EE61E6F6CB1F4F88D25240A00D1648F8BE688C30F7946D816D80C0650278DC8325320B0E7E32A826AF127
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1240
                                    Entropy (8bit):6.990284184126828
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQsfcXl7w2Ndi39/62M0a/k0HqZVH1hkPIsbxFbeqsTPY:XDFhhKYaV3Jsfil7/NG/OH1Hs7Bsb/eQ
                                    MD5:CA721FFE855E796C611EEB464525E5C8
                                    SHA1:400A375B3E19D67F8D9D9F672861C4B0BB335E8B
                                    SHA-256:0AC8583AE00176F33011F3BCF3E94473BA6A2A6AD4512B18D8DE53C37A06800E
                                    SHA-512:311C406F48C5DFF4AA12B1B98465CE33DFDDCC00D4CA48F65F7996E476A5D246EBBE90AB8E2E822ADD8E8B05D7B0D8B9CEDD514593B16F415851FDED7591DD74
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1239
                                    Entropy (8bit):7.004870536338462
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ8en53W9hLWxGJO87xX6HlHkrp4/Lug/2uy3j2uOReMD:XDFhhKYaV3J8e53Wr/J/oHpg4zj/xsju
                                    MD5:EEF4F3150F048591003EA8D2E99707FD
                                    SHA1:A74B1C9D4C07F2C76EABE934D920FFA4A4F10190
                                    SHA-256:B0FCD62F1BA183B1D3A29DC8EC2AE025565A5810F8F9E5142A0B3438C2093F2D
                                    SHA-512:FC8E50F57EAFFBE10F65E2611CAE909E15FDFD07088C37D7C14A5A67E832A0579ACD07D489E27B4CAFF4896AA8F0C0FF044825BD62B4BDE46A8527D8C33F1827
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1226
                                    Entropy (8bit):7.011533727082669
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQstp2Ndi39/62M0a/k0HqZVH1hkPIsbxZCmeXbU2HWq:XDFhhKYaV3JsWNG/OH1Hs7BsbnCmesq
                                    MD5:34A2D2C7CCA2DC52C13034BD7C1326DD
                                    SHA1:280942D5028B0294D5500EA209A50A583C1BA22E
                                    SHA-256:DD009D0AEB5118E9FF77C96B7C017C318699F011F05651011F1A5C8DB8A73C6C
                                    SHA-512:70B65E150B39D4FB5953F08B1899E26390DFF59B922BB9BEA45D7BD6E5722C3E5AE5A916740EC8C96BD8A052B40112BADF1321FAB4414CA3E847A8F1C36E792E
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1230
                                    Entropy (8bit):7.02776691851909
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQjRhldPGgTVLXAC4DcFAiuY8C+ZkdWa7DU6uKbZPYbtA:XDFhhKYaV3JjRHdPBwC4Diz8ChWYr3
                                    MD5:6E28AE010FA9064966AF54AC616201D4
                                    SHA1:F042C025F39A9CDFB1FFF60815FCDF649E28C1C0
                                    SHA-256:DE7B85ACB3FA3BC4D2E835216283C9760864E9A09F338AE0871713DA62BB090D
                                    SHA-512:EEB88BD31F34FB7E563C4C6A02488588316840A09CA4F8F4276B780409BB883A3E7F4C973413092F7B5F6E9E55A8673B73446FA97579BCAE6E96ED6F9E0BBD2F
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1230
                                    Entropy (8bit):7.057576147510126
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQuB07MyV9ZspJBafrXGSy7Qurzaf5cUJBdB6i5TrV6:XDFhhKYaV3JuB0ka2oxxcUNBe
                                    MD5:3122F393658A393F26E73982962AEB6D
                                    SHA1:0ED1AF19C58629851C75CCA1FB7D4C647879099B
                                    SHA-256:08DEB3FC3D219CC6BD88B2761F4FF82F0E5433B751468B8EB56B4AEAD36C990E
                                    SHA-512:3E2AD822E5ED7D735DC0AE85191DA882252E62007265E6D69BD819A101EF37A8AEBBF926D60263B2D7CBBC9C862B94296446944FE98297FF795601CE57317BFC
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1214
                                    Entropy (8bit):6.999925477313802
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQD23GmDGm9CwchdXaB0wypv7nzTrZqXMQ2qSPdD0:XDFhhKYaV3JaVSWCwEa+w+vzzT4XSzPy
                                    MD5:C831FDD2D033F3FAA817474D6B67B004
                                    SHA1:6D0AACFA7C66021E6AEF68EACE277A01F154F531
                                    SHA-256:F321F8F7BC61F558090E73AB785676A150497339D42D29C7500A8B4DB29216E7
                                    SHA-512:D3A4C0BBA5CB87AF8B4ACBE719C5FE7C5CB4BB313B309DB7760B3776B852180A864357A9B7DC1D345E6F610B40BDA9B0C0045A1427978B14D1C2A7C005E82108
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1229
                                    Entropy (8bit):7.029590247319015
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ+Qd1Gm9CwchdXaB0wypv7nzT6x8nYrML:XDFhhKYaV3J+QdsWCwEa+w+vzzT28iW
                                    MD5:D179FDF112956331C4FD77FAF8EA7C1C
                                    SHA1:F24DB9EBC63B099B2CA5F38BD41663AC6F524525
                                    SHA-256:7255D917970715B37E50DF86B18712F44E20E8F43E74151F66779D1823604E0A
                                    SHA-512:1756BF240EB261AC7BC8084125433EC8562168F6D0AB201B3417AA1D3ED5BB084237A23A94949802CC13AB317F0362222BA72B20E7F336D5DE4053380DB6FFD9
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1212
                                    Entropy (8bit):6.992378323098034
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQeuP94zxNSJ1xLpxCN+VJ2LEzPtK7PcR0W:XDFhhKYaV3JRRKy0W
                                    MD5:B8002DF781C284629B2FDB4767B75BD1
                                    SHA1:C94F2A6E893C09A52D0527AE2DD6013EF905EA3A
                                    SHA-256:ADA33A08E72DD643F5B079D6E2385634423AD8C627903712773C146BFCE8F386
                                    SHA-512:174B41685DB75EC2B11E2B670F2B3CE4EC5D9D875E8343D08C6C67069515454EB160C996359EA72C96DBE892393CCBF9B31DF16F11C37E71813D7F48C755CB07
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1237
                                    Entropy (8bit):7.023201888957209
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQLNNdi39/62M0a/k0HqZVH1hkPIsbxPFRIJbQu7P:XDFhhKYaV3JLNNG/OH1Hs7Bsb7K2G
                                    MD5:BC18DAA7FB3EC07B5A56B41C3F46A00C
                                    SHA1:60EF5F935F44FDADBFF475CD3D9DFA4A46420F3C
                                    SHA-256:55E7787701B2B822AB25214EA164346682654DF2E857DB00A96104367C4BB8F9
                                    SHA-512:DEA84973C89D3170689B16D16D28A9A23740A4224B3D3B29A0896D55BDE940776EBE95EF222475606D3F24958F3A7CCB40FE99F9DF294BC9E38342FB57B77313
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1222
                                    Entropy (8bit):7.035627796998357
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQnYjd9hLWxGJO87xX6HlHkrp4/Lug/2uy3TnTO6SvxJS:XDFhhKYaV3JYRr/J/oHpg4zj/xsjcK
                                    MD5:3C27C89328B409338DA0485710A493F3
                                    SHA1:30C604ED2DBC44CA248FAF48736D6F2E569081FD
                                    SHA-256:F96FFC5750371313B206324DD41EBC73C2A81769871F42BFF78F51C7768F0AF0
                                    SHA-512:7C900A802B7A074670B6A5438ACC1B5F28FC37A3E81A3762FC4D81E975CE09EBEC51D127BA2AD36F1BE4D0EE1F3FF2ACE470392F47434135BB2F187EFA77FBAC
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1232
                                    Entropy (8bit):7.056482141614462
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ6tlVFRyV9ZspJBafrXGSy7Qurzaf5cU9ZOS3+T5ng:XDFhhKYaV3J8l3Ha2oxxcUuSQg
                                    MD5:A0E5BCC557C85E4862221CC722B22B8B
                                    SHA1:5B35319DAF8E903520D1318E403B158F482BBC6B
                                    SHA-256:2CFA3F5B57B8F9AEDC80A7CA1A51C852610A239A16823776FFE734EA0F7B196B
                                    SHA-512:65F7394D1E30D543688361771C84939B4CC605B8A4095B93F02B2FC03DED93AAA08F9E8C1365376C8DD0246190A957BD4B7FD90179281C6AC21E9B1C8E2BBD67
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1223
                                    Entropy (8bit):7.030826672488916
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQTzdyV9ZspJBafrXGSy7Qurzaf5cU5l6r9:XDFhhKYaV3JT3a2oxxcUnQ9
                                    MD5:9CF0914E343DF5B5557A08A6F4AEE58F
                                    SHA1:0EBF25A4F925F752A9AD0565B14AD5D8348C7A1B
                                    SHA-256:B5EAD3535D621B582ED5979F6F321CCFDFD438A33DBBBC28A12194327EF7AD9E
                                    SHA-512:DE6386E6D08A217886C0358FBED853FCF1E098BFA3C2B6E30A7099B1C9EBE0A5D8A9165C742B583D0E754C080BCABC97BF73C3761C262C71F03935D585674EA4
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1214
                                    Entropy (8bit):7.016057948776936
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQGNGm9CwchdXaB0wypv7nzTGTOGjlbe6:XDFhhKYaV3JZWCwEa+w+vzzTlIK6
                                    MD5:A06979EF648DAC97CBDFCF3226262B2A
                                    SHA1:81758BC4658FFF930B925C4FC1669BA1E1D97CAF
                                    SHA-256:CB6F59A51C8D148BD9FD3B3E8B72CB4E04426E6A0E553A4B400899A79CD6FE6B
                                    SHA-512:282B65547DB212B2F8854F5B5D89B9C7654EBA9273916F9CF0F1BB148175E28C43B1AB80B3CF9CC7ACF476758BDFBB8D038C32CD116F3F2A97072DF49137FBC5
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1228
                                    Entropy (8bit):7.0413961445676
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQdHAGm9CwchdXaB0wypv7nzTGxGLmX:XDFhhKYaV3JdHbWCwEa+w+vzzT8GmX
                                    MD5:36F2DC8CD82FD6C2BD0F2894ACA56560
                                    SHA1:6A3EBED0E6170FC7B2984DBA6921F29174318396
                                    SHA-256:DFF456080C1F19D034F7ADD2DE2D8EE7DC510892965EFFE4976B7817A54759B5
                                    SHA-512:D85355255787B0037CE1380787435F25D4436A971B8054550ED5CE1F655FDBBAFFD75389F09D1FEC69DC31DB6E7967FBB2D71912EF14154105FB79E41D7154EC
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1228
                                    Entropy (8bit):6.997395929003033
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQj9hLWxGJO87xX6HlHkrp4/Lug/2uy3/X0MvdN:XDFhhKYaV3Jjr/J/oHpg4zj/xsf17
                                    MD5:A5E389520D6923E6691332AECA24D754
                                    SHA1:EF30FA1BAFBA3CADB7126F4409B950E7CE621643
                                    SHA-256:834BE8B91E23F740104F6452894772BA49B5964A6D04A51AC348152AE6332AF6
                                    SHA-512:9802F241FDBB4F098417E5F544DA5AE58030856A5406EA273F29B7C29837CB50372E9022B1CA71B3313D21BD134BFDF7CB864F8B94FC2B613D70DC8ACB7D65FD
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1235
                                    Entropy (8bit):7.0314932666204575
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQAg6Gm9CwchdXaB0wypv7nzTYa+GzEl:XDFhhKYaV3JxWCwEa+w+vzzTyb
                                    MD5:0077217C3518E8C9401D8CD733DE3C11
                                    SHA1:13E6DA5E57C4438D1C75A05954A501D5586031B6
                                    SHA-256:091D6C294BFBC4C36094BE60EC370163824BCBF2FDCF56DCE078DCFC2AC27496
                                    SHA-512:9285EA261AB13DE915AA4AF3676E6D558D878DD52EA0C1E4328F66DF6B6FF36B4716A7876FA8FB8E91B425DBD530269204F1B4EE856D6A0C4FA6F634A95C0143
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1215
                                    Entropy (8bit):7.058386755019486
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQZrBYTXAC4DcFAiuY8C+ZkdWa7DUDNqOJbJ:XDFhhKYaV3JZSTwC4Diz8ChWYc
                                    MD5:5A68E73B54DA0AB22AABC7B9A1CA8B76
                                    SHA1:8BE5BC5369E4D34B587E97C5524ADC5E99773475
                                    SHA-256:020BBF130AF4E6CE4383342084A026DB01BD73B04B973F0C6712C6F53C021B59
                                    SHA-512:DC14EA3BF408E81BF2BE5801F788FC0F7BFFA4C75A62413162BC1D848826309E9211F72C8BB0DCE0E74816332BA35DE5DE90542AE3875A9C35201F70B6FC8716
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1219
                                    Entropy (8bit):6.9765358540093505
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQCymjGv94zxNSJ1xLpxCN+VJ2LEz0z1T0uTqYyt+:XDFhhKYaV3JFlRKNB0Xt+
                                    MD5:DBB93212F92DA6D27164D4F027F4906A
                                    SHA1:EF9708F5B5AEE55ADBEA7A4026691A3193C11D51
                                    SHA-256:E02D0201B44E5274233D1E2DEFA77776BF4E777912561D28F4851B3B133A08C6
                                    SHA-512:631BF477DE7CD130EEE6C285B71AF1DC994BD79A54903DEB2D20D2312D3E300C60023A669926D8EBE6B4AC44C707A0DE10654B65B3212C784E19800A6B709B03
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1229
                                    Entropy (8bit):7.021974882989286
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQZH+0XAC4DcFAiuY8C+ZkdWa7DUDPoK0mk:XDFhhKYaV3JZ1wC4Diz8ChWYJmk
                                    MD5:3497A3BA6FA614C63CBF05CD99B73984
                                    SHA1:AF538CD6146C34AB397443F9457DD2E4575439D8
                                    SHA-256:EFFB687DC312E58201B3497AB0DFAA9E0A0680CB865ED639C5F0ABFBF734514A
                                    SHA-512:00C4C103A933F2150F3FA04E15E7D809550A07B4FA10163E4FFEFDB9F56D68297B7C350BD90AD20E6CCCF7AB484884FF418F652F7083BD20579D2CA4F0B66437
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1245
                                    Entropy (8bit):6.989724143773184
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQGRpvt9hLWxGJO87xX6HlHkrp4/Lug/2uy3QyxakL9pV:XDFhhKYaV3JGRRtr/J/oHpg4zj/xsokZ
                                    MD5:F2617EE56E5ECA6C8096F287832FDFDC
                                    SHA1:7122CD8E890B0BE5C21AF700062D884DA76CB9C5
                                    SHA-256:EAA1E54313F16E59A721E66C1C704760BE982F3B007398B8A173F7919CB0DB84
                                    SHA-512:89D8F9B67732CEB0E8F9EBB2F78C5280A8EED872860A2C4FD14E95EDC8B8AA3EE309701887CBB96DEAD1714305F875BD21D47EC8E9853DF7B4150324A5E51ADB
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1238
                                    Entropy (8bit):7.005679821400762
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQjuaMho8iYTmfVHMhfgXwrPmT7sILosYq3ssDOTSPi:XDFhhKYaV3Jjua6oCmtHMhewrBuos7hi
                                    MD5:60F7DBEFC408642DC531C76FE2EFE20C
                                    SHA1:5DFA0CDE588A343411C9B23D3FB702076FC3F341
                                    SHA-256:4F6A2469363AA6E21F425790C2DA448FF6F2DEA2278BCD4E97CCA425434B70F7
                                    SHA-512:8B46F475295A235ECE8A030C7BA0FB60B6FF80C279345A5DCD46757E2BCEBE42CAD1ED5778494E3F4D5E4E1EAC6590A4207790207FE84A334285E2E73D241552
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1238
                                    Entropy (8bit):6.9950254179295435
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQYkzZqDt94zxNSJ1xLpxCN+VJ2LEz0pYooa0Y7:XDFhhKYaV3JpgHRKZ7
                                    MD5:7FEE3FFAD901F6765FB077DF817EEF55
                                    SHA1:A084F0273A0FAD595C89FE62B354C67159D9C93D
                                    SHA-256:F9967C2F1D6119031523E603239937CD100B72C3620705D2E2AB2A0A7283ABD4
                                    SHA-512:8613B7CC2DAFB34E7D5915D2A1ADB7A02FDE1DC99C1FBB46DD8840D626FF7042758AA9A9A670BD3C46B2D250663FAB3F29B37D69AC76D5FF951F85BD9B6174A8
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1236
                                    Entropy (8bit):7.025986414236437
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQQjDGXNdi39/62M0a/k0HqZVH1hkPIsbxJYtjbaGcv:XDFhhKYaV3JQSNG/OH1Hs7BsbfYtaRv
                                    MD5:6B171087664ABD69DD5DACB45499A5EE
                                    SHA1:02CE5A7A6FA5D9C13FCD7B479846AB307082C51C
                                    SHA-256:E6801C472AAFC7EA5EA944558FB74C99CD77CB5253FA152C3E10803F31C11011
                                    SHA-512:73C82C17783263E51D3EFCADFF2F286611678ECA38B00BC19EBC38BDC9B0B5BE30019D8E6F6C0D32B79EC8E19CE715DF144C53C6D9E8C6BCD566F02FA8F9D667
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1230
                                    Entropy (8bit):7.015742978311429
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQX9Tp9hLWxGJO87xX6HlHkrp4/Lug/2uy3QoeJD2lGU:XDFhhKYaV3JtTpr/J/oHpg4zj/xsJeJg
                                    MD5:9D8CBD900E85AC93593CF0D8AF54C1B5
                                    SHA1:5E124292FF14A1B1038A0B11650DD32E5B69EE72
                                    SHA-256:D2FF5710FD26B038FC88311571ACEBEA5D72BDFD02104180B70A738A3FB0D12B
                                    SHA-512:34E1E01FF3285DEEF49A17D881E0262F0209D54821FD7658F783B4E977D2F774CD46B837714E963122F888C9A5AEC7C96DB594B200BFEDB81A8057A78D167D5D
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1242
                                    Entropy (8bit):7.008866144681047
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQpg3vgXAC4DcFAiuY8C+ZkdWa7DUtQV2ZwszjbH2pZXi:XDFhhKYaV3Je3YwC4Diz8ChWY0VzWpZy
                                    MD5:19E42F94DF4001B558840D9217D48D65
                                    SHA1:9135D44485E1191B28F0255B83DED950C2CD0421
                                    SHA-256:90B6207B9F401BB24464DDDCC0FFCCB44C63F000753E28638E0E5BBBB576A995
                                    SHA-512:B130F68FB10C998B16EC953EDDDC33150AAB8AAD029E01EE13B612234BEFEBA070F35E7D60959701B5B4965ACE61EC08BFB3C190D6B2A2F5C63A131EC01E7623
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1231
                                    Entropy (8bit):7.029695589021443
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQxaQAjXNdi39/62M0a/k0HqZVH1hkPIsbxP6f2j2TJLb:XDFhhKYaV3JxaQATNG/OH1Hs7Bsb5IfJ
                                    MD5:06ABE2763A1F6886FEB7DFADC61124E3
                                    SHA1:FCC1A8C6574B1AE912EF64C5DDDCC147ED42AFA0
                                    SHA-256:ABABC463DEAA17045853BB150CBF678DEA024FFB97BFB58ADAAFE9956081DB6B
                                    SHA-512:D07E5DB28A2A0ADC797BA492B4D6E515FB49D8B6D09AF717541F6C523072058EC75D9CB2AC97B3D088134604B53DDED47FD0501909F5146687A18520B0E923A7
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1245
                                    Entropy (8bit):7.027019670213331
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQySXnXAC4DcFAiuY8C+ZkdWa7DUSsSpDO7nBZtjP:XDFhhKYaV3JySXnwC4Diz8ChWYpVArBj
                                    MD5:A448E0AC1BC08B26531FDB26E46CCBF9
                                    SHA1:F99D7FC7D67812201494B0A118A3FAA0EA9D74BF
                                    SHA-256:1B862C9D77CF36FE5DAB8F6604E477768CA5D5FFA0C75B4B5787582418000A66
                                    SHA-512:C478AB11C1868C879E4BBBC8ABBA37EFF636F138F0B025A5146E5C0D5791CCD8C5C2C69CDAFC12CEB41185997E8ABC9B7ABEDD312C63EA4B1819409D9A6B5F76
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1232
                                    Entropy (8bit):6.988802436921537
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQXMEVwE94zxNSJ1xLpxCN+VJ2LEz0PmoDKBr:XDFhhKYaV3J3wSRKh8Z
                                    MD5:4B2F1D7EB973E1D13E769C46495E7E3E
                                    SHA1:296534AB5A4E6DE4D13A92D0D6DFAF630E3621D2
                                    SHA-256:792F7D9FF1BF2397FE31474B64803380893D185466FB0903C2A505ED7E44A619
                                    SHA-512:E4257336434542B29E9DB4E06C633AB48598036AAD7D4451C4E5D1FBBEB3A5AB6DE4BE0EE312166F8B51DCE9692BD2DC3EF5EB48D2D5AF8A115165FCA1029C96
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1238
                                    Entropy (8bit):7.041416336939899
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQSDKwYTmfVHMhfgXwrPmT7sILoGAesD:XDFhhKYaV3JSWjmtHMhewrBuoGAJ
                                    MD5:693F64020CB1338F5B3EF9E0FA0AFA30
                                    SHA1:53EACA3BB8F30869BBDD35B93E89AADC97A10A92
                                    SHA-256:0123FB651A1A786955504A68421B978C096CD3C7C7483C5A4DCF4D596123F0DA
                                    SHA-512:AAEDB8AD00568462DC7A4D055102C3AADF708BBB5BE0D17033FC3BBBFE3A02C70880B96EC204F91001D531173DABD626E523EA1EE5A788F6E38BF346178388E0
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1241
                                    Entropy (8bit):7.004098223899896
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQqetYTmfVHMhfgXwrPmT7sILorVI1YkiX:XDFhhKYaV3JymtHMhewrBuorVICX
                                    MD5:C9B61995C43753B093C9BCECB3A405EA
                                    SHA1:20A896F67F7AE6CF8194B0FD7AB8BD3B148A097A
                                    SHA-256:60CD909CAD6F14760B48399DC2BAE8658E281BCF74D1C0C358F0FED08B3458F4
                                    SHA-512:4D4415C2137C4D6D54C75237509ED78C7E0E498566618506EF0638EFE930F145BAD0223F9346BF6B415B372B09DE66FE74DE2B75C2010069331D2FA54869DCF5
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1230
                                    Entropy (8bit):6.9822862811906345
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQMT2s9hLWxGJO87xX6HlHkrp4/Lug/2uy3lv7LbC:XDFhhKYaV3JMVr/J/oHpg4zj/xstW
                                    MD5:AC5BFABDA257A8F9C695FA41F8338279
                                    SHA1:79800E93E3A41765E61D6FBD27703DC6EEB2C248
                                    SHA-256:4C58922EC46CC65AD3DEA34D26798F9C2FDBDEC8F34729FB1A54D16136982553
                                    SHA-512:03B6F5C3C63AEFDCF15BEBF451AC160759BF17085AD55A809E4C1E402EAA4726A6EA5DB57C665F1A2B75B1D9EED58CF7E73720255FC23E66F5709819A4350BF4
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1237
                                    Entropy (8bit):7.005434217073922
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQEdg6gdX2o9hLWxGJO87xX6HlHkrp4/Lug/2uy3lkuPx:XDFhhKYaV3JmX4Dr/J/oHpg4zj/xs2Kx
                                    MD5:47A3D778FFA2AE4251B832513A0AA5B8
                                    SHA1:097DF8DF8320CBD26D61E80FD3B7966A7F1670D5
                                    SHA-256:7952DC5F2078B6BEDE7EFF62B7215EFA4A6D327F6602F2B2C840F59328BC74B3
                                    SHA-512:76076D197E206EE05E9AF11BC3D648D34D4EB3C3E4C62488B070566E90D7848F88C1A413763D3031839C7F81748BAA358E4BD7F9D355179212C77B8BCCFAD490
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1227
                                    Entropy (8bit):7.049351617034392
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQMUJXXAC4DcFAiuY8C+ZkdWa7DUwGJI9o2jbTU:XDFhhKYaV3JMawC4Diz8ChWYWv2A
                                    MD5:A15D91A62FD8DE00D9A5647346925B70
                                    SHA1:0F5AEDB54390C8A985C4ED5F5386F4B3069A0B7C
                                    SHA-256:4B0C025BEC4FE6A4B0D76FEAD8B281A3465D37A1671DD0AD398F416A9AA9BA57
                                    SHA-512:D1AD4AB38D23804B98E3EC6346EBB58929155C42EDE8B7474D81CAFF64E3E59C01B11139D5104D79038AC05901558225C3CF378627701CF9E82910B8E6F65687
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1235
                                    Entropy (8bit):6.981482215666936
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQsQUhAOKvNu294zxNSJ1xLpxCN+VJ2LEzbB1i5ZBqH0s:XDFhhKYaV3JsQUhADRK2B1i5ZBDPU
                                    MD5:F3070ADFF21468B7E17A7587881AE38A
                                    SHA1:767C743203713F9E8FF83B7EB4D25A4702885341
                                    SHA-256:8DCCA32706020F734FA0B35E1BEA30B2E48A3A7E486CF44F02EBE113C7A33CD7
                                    SHA-512:8680EF8EE6A949128012D5255236B1D7E2571BFF35DD0181464F553FC8A260EDA06904F9B894F1AC559098C08BDC71AB0951D2DA906B8E7216D401EA20BDF5B1
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1235
                                    Entropy (8bit):7.0181604382468095
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQsp4Af2shjZCcHNmuS39kxzHc8UYtDEyM6qWK+SASZpg:XDFhhKYaV3JspBuCCsm8y8rZEp1Fagg
                                    MD5:C5F3669606F7B5B09218E5E9953920B8
                                    SHA1:71EB706BB38BF48868C0757AFCCFAEC64240C68E
                                    SHA-256:DBFEC487710576DB4943E9E0657D6D823F70689925EC6CE27593DCF001383410
                                    SHA-512:D0F8122838F76113E18C6DCA4E351A7FFF3D58E4A123DD17DE9A2D092CF270C20492E89EEA4CB6CFD489DAEBAA93884686B7E7937237F62B0DB5772501C4D61B
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1221
                                    Entropy (8bit):7.01778822370992
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ9v1va19hLWxGJO87xX6HlHkrp4/Lug/2uy3Q+EY3PFI:XDFhhKYaV3Jrgr/J/oHpg4zj/xsBv91+
                                    MD5:B5F8E6596797141C3BF7C6DBC484D8E1
                                    SHA1:CFB47C1853B99DCA28F841F6A824D05FDFBA4103
                                    SHA-256:CA8F66CD3811415719993636E8870DB7A58EF7E33BF0BE4273DEA89FC363344B
                                    SHA-512:411BEC9B897BAE63524D3923AE3592220327851ABCA1C066DD8BBEEC9693A088B8A73A9C6996DDF00716B37F44540BD3D68FDE910653D464F7B48FB434B16070
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1227
                                    Entropy (8bit):7.018601480016073
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQiFGm9CwchdXaB0wypv7nzT5QQJiK4dnjC/m:XDFhhKYaV3Ji8WCwEa+w+vzzT5QspWjN
                                    MD5:D2336880CBEB7A5C34BBCF5138F29DFA
                                    SHA1:B256C2B7FA4895EEF676E2DC050A960651C54560
                                    SHA-256:4DE2E71081782F07A3B12CCF45441219A6AD33062A7486AD35D6944C74E42D43
                                    SHA-512:C21B431483533074303F2DBC24B5D0D610E5022B7F9906BBF479F6374C1F1E234DEA65C20F3524AAA8EB4774C8AD9C44EE455D8FB7A519F799782B11ABD3EC92
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1225
                                    Entropy (8bit):6.977415064853912
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQd3VVq194zxNSJ1xLpxCN+VJ2LEz0Pm3nkksHR7l:XDFhhKYaV3JdlViRKh4nkTZl
                                    MD5:A1110D8EE5AC9F4E35D273B08B7394A7
                                    SHA1:D4B38CF1950CB1E36322731003AE8B5B31D19F1E
                                    SHA-256:1D21C4A93919E9C46015397665C638C26C0D4666F0EF78ACFA2461F3074E4519
                                    SHA-512:51753C68307711EAAD8F0F900BA8717CE1672CBA86D17B2A98AD647F68B6FADB3392A0945C16366D7FB317149C06BB1CFAE689CF46867BD21153CB50FD08A97D
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1238
                                    Entropy (8bit):7.0071827375779705
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQKNdi39/62M0a/k0HqZVH1hkPIsbxl21GbbrQiydG:XDFhhKYaV3JKNG/OH1Hs7BsbYGkit
                                    MD5:9471F785BBB9C2E65226537B65630611
                                    SHA1:9A9C08C3D69CABAD3A796690E0A418E836DCB54D
                                    SHA-256:7537005B230AA1B23528B6606F2CAA27CD908F308D32AF1BA7263A58699635B8
                                    SHA-512:44807F18EA370F6BC35470B4C2A82CB5CB5B78AC14D59C086D751CAF51FEAE667D3CB6CD938A32696FF16188665CD0C8A23EF6EA52C827CF8D3515266F809252
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1231
                                    Entropy (8bit):7.054085567352269
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ1DhgXAC4DcFAiuY8C+ZkdWa7DUDsXSt+MqBgR:XDFhhKYaV3J1DmwC4Diz8ChWYrXStqBs
                                    MD5:B373E9DD52EF7905556803AC09793C66
                                    SHA1:328B86461F15A63057555359D15345646E61D3AB
                                    SHA-256:9B46797EB5AA1019B4EB561196AAE5C5FAEE0FD4D5309A5B9DABD8D4FF43C7B6
                                    SHA-512:BE44522418BBF90BFEB6B40F7BDBD42DD0154A47376DF2D7FABF9BDCE6EFC539FBDD6DE845A89E18698229C41547A690423659D24368D3A0D3BDE860C154B744
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1225
                                    Entropy (8bit):7.034571617747786
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQEZLrlGm9CwchdXaB0wypv7nzTGSguHvwan:XDFhhKYaV3J6rcWCwEa+w+vzzTcuH/
                                    MD5:DA5CF7D9FB47E3B29B730239F59212B4
                                    SHA1:CDB805775407EDA4CC8AFAD65EE2285962627F10
                                    SHA-256:C9A5D075D5351652AC791CF651091A5495144320CD92843B4519B44E6E3C2DD6
                                    SHA-512:8214F0B0FECD628BE6A903F80091F325613A96D8956D8F948B9C94D1FA7FBFBBE3FADEC258B32EDCE2F905F91A77E591120D5D5D1634BCA385976278E5EE652C
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1218
                                    Entropy (8bit):7.020733003762628
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQUVBIKGm9CwchdXaB0wypv7nzTGd5D7upNit:XDFhhKYaV3JsB+WCwEa+w+vzzTsD7uit
                                    MD5:DD221449AC3D599CA3FCD481DC72D6BF
                                    SHA1:37011E00028CDA54FAF5F319AEEC95ACDEB42A25
                                    SHA-256:D28F9934FC1DCC5D82FE9AA08F5BA5C1ACFB62814B009E6FB5EC17522849EF71
                                    SHA-512:56C891A0B6F6533FD2BEF060C5CC1374EDBE667704A8A37A2608B6A7CF185BBB600493899CFA97C68034919961028C13037700EDEF8FA17B52881EE8E3CB5373
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1229
                                    Entropy (8bit):7.037836169669634
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQEpRluAf2shjZCcHNmuS39kxzHc8UYtDEyVpuupdTtzv:XDFhhKYaV3JuuCCsm8y8rZEm8uzJv
                                    MD5:8DBFB146193C85CD27775FE5A59FEC90
                                    SHA1:B8B6BE06AEDD5EF667A6DA4978F37C11F24C571A
                                    SHA-256:2031E33E213ED2EBCA58D623097778F77AE20988756E89BA8B1A009BF9342C44
                                    SHA-512:AFD431213BA4A331D51DDF00FFA206CCE4EB140C7A8A3CEAE05ACEA4D5D25BB4421A86386120E634848D157C001B2CC71C2E964F211A5448D342F3C5BA3EE792
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1234
                                    Entropy (8bit):6.982416673757881
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ0MQD4b5ft94zxNSJ1xLpxCN+VJ2LEz0ZHEdbUf:XDFhhKYaV3Jy0RLRKfPf
                                    MD5:F61F28DC73BC8C429771B048FB2394BD
                                    SHA1:EF04C9EC43C08B26A663861517693391857F4BBC
                                    SHA-256:782C76605CC05F206B204A4215629F9C5948FC354C813566DF8CF38A9C0F811D
                                    SHA-512:69F5AB87C33B9CAD73E4A5191DEDE0E2FE4AF957D0696609DBA6FE04130B2BAF03D13EB22580610E8051739423E9417D201B8C9727F97CE6504266DFCB00461E
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1225
                                    Entropy (8bit):7.029133091853192
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQGCGm9CwchdXaB0wypv7nzTHT++jb9Xz2Ta:XDFhhKYaV3JYWCwEa+w+vzzTa0zp
                                    MD5:DE6B4BFD13193547709DAF2BB9E5DB48
                                    SHA1:D90152302B7AF2CB968C42CF0BEDF583526648E3
                                    SHA-256:3C10AB87F16925E5498931D6C8A75D286FA9DC3AEA8F36873F99D6001147E3FB
                                    SHA-512:0E14A5E9D3276C54EFDF4C4EF93339FEB41BC582C9926F80CE9FC99F650A3F76F50D8473375C6F0D52341DC4D641561FB76398463C630FF6BA8F52D659AAC22D
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1234
                                    Entropy (8bit):7.0451277096011165
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ09LzsKvyV9ZspJBafrXGSy7Qurzaf5cUmdDOFXwya63:XDFhhKYaV3JiLvBa2oxxcUmc063
                                    MD5:3813A3DF132309DDCAC9E344A5AD8411
                                    SHA1:15ABAECEAB159DDC977DBF941A2A55A18EA5211C
                                    SHA-256:90C2B0EEC0DD97C99ED123DEA2DDE08A2C68FB9C23B0FD332B5E95E68E999A89
                                    SHA-512:85255137D94DE4344D95350F8CBE0BDDC52DACFA2153E533E2FF3AA3E61130D7B18EA3C0BE811272F6838B92DF960F65DF5712D37C46972A36C536A7C83A5198
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1222
                                    Entropy (8bit):7.021377908437268
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQdt3ndAAf2shjZCcHNmuS39kxzHc8UYtDEyiml61Ti50:XDFhhKYaV3JdVnfuCCsm8y8rZEMq/
                                    MD5:B64CB293194E3CD50DA8F64ABF581F8B
                                    SHA1:CF94E26DF9D8123FD54B226C7B2F3090E3AFE6CB
                                    SHA-256:E2678E493082D35D5E45E1AFB565B07FEB5DD4BCA43D29CEE9B84A5954E14550
                                    SHA-512:3FA26781284815F22E58B1E750A9E1E7C9CC3A5277EDB1853F67088A5BFB9A157BCE545F8DD765E97C3477DD0CA7309069E34999A3759EF52AE4CD9EE97BDAA3
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1235
                                    Entropy (8bit):7.010776919830711
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQGVJyy3jAf2shjZCcHNmuS39kxzHc8UYtDEyRXOz+Mn:XDFhhKYaV3JLuCCsm8y8rZEIOz5
                                    MD5:BE66A4B1BA1282B7E34047D4CC8C68DA
                                    SHA1:EF91C1ED7CBADF71A61BE73ECDAFA065AED39583
                                    SHA-256:8B112AA25EFB21E52688FC692BF14FA4370E314CB039D65904ACDD355A5EA662
                                    SHA-512:7253E23E4A6D34E0A7777D12C0DAA1EE1606FEE98D1ABAE533EB883C44E0AABA10BC7AAA5F28AD99A9F040366F0F2EA64DD635F9A629D1A667B404415FECF90B
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1221
                                    Entropy (8bit):7.01969050287507
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ6sYTmfVHMhfgXwrPmT7sILoYz64q3o:XDFhhKYaV3J63mtHMhewrBuoJ44o
                                    MD5:3973F078C7FCCC06048B8E7A4D9C5F94
                                    SHA1:F0A6A3033819A864972836B75B7CAE4E1801C1C1
                                    SHA-256:DDC6C78DAFECDEC5AF088AAD5278BF0CF1C48FF6AF19A777195895D04A47F965
                                    SHA-512:6BA9C71B52A10D79DBD8DEA0F3A0742AF63F8DDABEACCE3399853EB8097BDA91407FD7D038ED0C7159AE7F554F34F21A0F36D8EA8D745B2D378D592411DC45F5
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1234
                                    Entropy (8bit):7.023846462097828
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQCDXAC4DcFAiuY8C+ZkdWa7DUilZdaOx:XDFhhKYaV3JCDwC4Diz8ChWYB3x
                                    MD5:E93F856C3C2A6722D664AEE4648E0BE1
                                    SHA1:09326EFAB64DB1B5F7FF7DE7BD5D73C49D5A88FC
                                    SHA-256:E694EB236EC0AB123A0CA8063C61EA6221352048676A3E3B69EA6DF3D213DBC5
                                    SHA-512:486BD041DD59979C48C35140F7F74664E02A1A15F4FCC25408F166345926F553EE23ED0C06EB5792C78ACF9E202022DFA1DECCCB8A421C4CE117DB3FC089A765
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1231
                                    Entropy (8bit):7.008322721708812
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQvvdW8di39/62M0a/k0HqZVH1hkPIsbxvWZS9p4biA6n:XDFhhKYaV3J3dW8G/OH1Hs7BsbskFGU
                                    MD5:00291138919AE62ED57673EECBBE4056
                                    SHA1:56C4FEC16F95F4E2A1F712011D635F9CB47C6D71
                                    SHA-256:8B6D6114B45594B06EEDB3436F30EC1E3403D32AF0BD41832BAAD840DDFBB8BA
                                    SHA-512:7F365627CF89EDA8C030DF67EF439A066C92FB4E9EA3206E20E24BAC552022D9F1874F57ED6C5EB596C738B01C4C07E41331F13511A6C21F8EF23E11EDDEF018
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1240
                                    Entropy (8bit):7.0051910483683715
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQzt1XdAf2shjZCcHNmuS39kxzHc8UYtDEyx1VzcNFi8:XDFhhKYaV3JnXquCCsm8y8rZE6AK8
                                    MD5:EDA02E98103DAC3B1D46343A2546F153
                                    SHA1:3BDCD7200DB2B5F83E1FE999CBC1D45729A0F70F
                                    SHA-256:36F3B4CE6BBF1BCA285F02C245304418D976CBBB84BA9D28D8E44493BE93939E
                                    SHA-512:6D5EEA3236107CC2EE8EF1B77468CC1221854B664228BBEF7545D0D3E021B8437D20835B72FD2988E9C6C51C18ABAFDE43F14A6AE7584CACFD5D7053DB8A9C71
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1237
                                    Entropy (8bit):7.056729163413495
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ1gseyV9ZspJBafrXGSy7Qurzaf5cUmBFP1:XDFhhKYaV3J1X+a2oxxcUm5
                                    MD5:4F9FCA9558E8052508B83C540936B556
                                    SHA1:C154F7126DD00344776E1BB52A0907DC6CB46DFE
                                    SHA-256:3F472059C74ECD0CC98A42325BD2374A9098C41D28BC3F3794791E6D73BBF192
                                    SHA-512:098BCA7D961509D4E6A771D0B55B0A23DC5A240E7CFA91B08853CBAE63C57FEADC1B620803AD4B7B88913C0C280A26DB875354FB36CA6EC2BA439CF771162269
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1232
                                    Entropy (8bit):7.006921799671215
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQv6YyvNAf2shjZCcHNmuS39kxzHc8UYtDEyyad/OGQ:XDFhhKYaV3JEyuCCsm8y8rZEI/OT
                                    MD5:F6ACE3AD479AAA9B5BBF338A8FD79802
                                    SHA1:AE736642BA83E5D693D5778C3151E7496714BECF
                                    SHA-256:DA999CCE1BC1674CD7F0C1ACA34559321D0C47468668C3F51A4597CBC5D99A36
                                    SHA-512:BE5CBD1FDFF24C3253C5F65DD720C4E322456288C71B5DB2214B576A30AAA1E6744D2627A4679235DE5FEBC172F6DDFF0373788ACEC0BBBBE99108B69E488694
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1244
                                    Entropy (8bit):6.964088754283126
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ/EvbOP94zxNSJ1xLpxCN+VJ2LEz0mwA/Jj6J:XDFhhKYaV3JMvCFRKPA/u
                                    MD5:CB2974499581B2FE75AD73EBA61F899B
                                    SHA1:C373E84104327D872572638A5716F73818CB8062
                                    SHA-256:2BE80C5DE8269FDA959D6B8795DA26988ECE671630FD32FCAA67CBDFD2B32732
                                    SHA-512:653E8B6D4FF283E9E42678D3DB7EB00FFDFD8B7895F6B75B9E24C437B2CB437EEC2C50FA21E818560623A428033DC74E556FFAD4A0FCDF81C5D86EDDBBC04DCF
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1222
                                    Entropy (8bit):7.040305066191459
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQVWgLzm9CwchdXaB0wypv7nzT5QQJMtOvNH+:XDFhhKYaV3JVpLzWCwEa+w+vzzT5QkMh
                                    MD5:9D480801153485DD49B19685AFB6F8E1
                                    SHA1:1BDB208C9183DC2E2394A3CD4B1AA64811E12226
                                    SHA-256:2178E3176C38735776F4753627857B764E81CD706F0AA2A1A5DB55463BA6F882
                                    SHA-512:3C740B543B3C5D54CB616608A8661A3B73A496CC210120001137831605D8829FE3A7C16ED4765D8E4C46E2D305A12269DF981B00E5735E51084CA7D4594FB68E
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1232
                                    Entropy (8bit):7.035251724791435
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQEGIInotthYspJBafrXGSy7Qurzaf5cUmk2:XDFhhKYaV3JEGWra2oxxcUmH
                                    MD5:3E58133759DCEC95D15BD9B48062D3C2
                                    SHA1:A6EAB1EB57ED5486F0D0BCE641851B8B45E38EB2
                                    SHA-256:3B65886B11C95D58A9DE20D965ABC29CACE16E4570F6D2EEE51C438C95E97E78
                                    SHA-512:9B31645F8F2D41B6D690B9E5BE5276D8EA8BB8181F598283C04077C3B65FD10917AE68B23C6CBE3FE1E13AF32EE738E9157FE60D750AD137F454DBC7A22F7FD0
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1235
                                    Entropy (8bit):6.995108653768684
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ/nxqace/xXTf2shjZCcHNmuS39kxzHc8UYtDEy1DO/j:XDFhhKYaV3J/n4e/xDuCCsm8y8rZEL1F
                                    MD5:4791B42795460229BA9B6D12CCC987BD
                                    SHA1:A9013A9695FE0B222AE191A9E30411988FD7DD4B
                                    SHA-256:BDC73DF233B7852BD50E101E2EBAC630966CCF02DCF213F11EEE806B41C43CB2
                                    SHA-512:9E186BB3D892571A2FD37FBBB7CFB12DA9BADE800016EA1DB7E934C6AC636752208695754A84F887B09F0BEE634327A77BE8B85714690F91CF8903E125603F39
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1220
                                    Entropy (8bit):7.050855836724889
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ37TyFihZhYspJBafrXGSy7Qurzaf5cUmdOodb8dA:XDFhhKYaV3J36Fi1a2oxxcUmcoedA
                                    MD5:D0913E3E03CF20AF8FF90B1C9C96AC97
                                    SHA1:337068C0E77528B9B4FEACDF534685ABE765255E
                                    SHA-256:078B15AD9431337C0C1D02DD08924863A984B6A97A009DE9846F04FB8B96FC77
                                    SHA-512:F53CE1D4EFC0377B6687A3D5D9AB3463789491CD6205CC900647033A2B0585596DACBCFB336BCC8E6939CE230FA5BB8571CDC111FE7D8ADDE46C2B41C270D2CE
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1217
                                    Entropy (8bit):7.0259724015857445
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQXrjpXTf2shjZCcHNmuS39kxzHc8UYtDEyG3BmjBimy:XDFhhKYaV3JvpDuCCsm8y8rZEh3B1R
                                    MD5:4AC944563B28DCD4B4F586C6F765B4EA
                                    SHA1:E73BBD04301CDB038C2EB4706E0D56D7D192F39D
                                    SHA-256:40A7ED97B61738C3775D63176D53B3137735A773AB179C9ED777695A980C7BD2
                                    SHA-512:2DEC887DE75DABFA65A109128F8D81BE1A4AD5C70220607758D3DC4334B1E342BB8C56705CF3860D50F7841BD8F9B7E14286A2C09CF66D1E9344FA866026F050
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1224
                                    Entropy (8bit):7.009300851745943
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ0IXTf2shjZCcHNmuS39kxzHc8UYtDEyPFvm8ibzJS:XDFhhKYaV3J0IDuCCsm8y8rZEsZT
                                    MD5:891EBC2DD8EABD83BF2C35B4EA3A28A1
                                    SHA1:0847C481BD877CA1DCFC59FC6738B78A058CFED8
                                    SHA-256:988A2B9E10F24880845D12C47AAAAD6926121B6668E184883757521919EAB648
                                    SHA-512:5AA24AC932D74D458D3EDAF362A0F2DE0C26AB86A339E7DBDFAECB9A9E767D35ADDEF22B04A33514ABA2C552C10060078D75A45EDA5D8B47B007A6F5D0B7FF70
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1231
                                    Entropy (8bit):7.02258572075624
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ3JQjNhYspJBafrXGSy7Qurzaf5cUmVVDOtt6cgS:XDFhhKYaV3J5Q/a2oxxcUmV0vj
                                    MD5:B43F872A20584E30504A1B1D668CFDEB
                                    SHA1:B18E0F4B352D22FF3F44864CB7E8DDA70C27D598
                                    SHA-256:11B0B65311398849BD19EBA55C6597A5CCF626E7EBFE8E495B0D0B8FF01FE015
                                    SHA-512:F61C3610035CA8CA8ED3CA21AB592386111ED669B847C885C5E75622E507E7FD576C68DD48C77BA9DA0F500561FA8AD617ECA1D2106B20930080D2B708C0B9A0
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1232
                                    Entropy (8bit):6.981156437406966
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQax52J7mM2GxGJO87xX6HlHkrp4/Lug/2uy3QgsyEus:XDFhhKYaV3J2587mHJ/oHpg4zj/xsfsT
                                    MD5:97942EC78B2A58E88AFCA88860F5BB2B
                                    SHA1:F69612D5ABE84F65FF77EADC38D3057FA8C81A10
                                    SHA-256:8DB57CC9FDEF9211A528381B8974D67DA45DAA4574D791CFA9DC7EE260E1CFA1
                                    SHA-512:A9E5060CCE81CDE87CEA24865E93CFCAD88A6B3429A19CAAEDC146C59D04CFED90CF1DEAAC90DD9F97183091C8E47769F1BF0A5D09F92423AD6AF1D4794174D6
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1225
                                    Entropy (8bit):7.004347568894452
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ0rUzWO8/v2GxGJO87xX6HlHkrp4/Lug/2uy31XYzOVe:XDFhhKYaV3JwUX8iJ/oHpg4zj/xs9ZUP
                                    MD5:DA6D7829AF6B59A27F30F24AD85C35CB
                                    SHA1:E8155D77A88ABFA42493598E58F9CCA7B7FAE588
                                    SHA-256:D9D996284206A9D5B3C7E6CD95A481F6B1DB9746974506602FCC9A5D5DABC99D
                                    SHA-512:4C4617B016933227F3A9D2F053BE2BAE7EB1C2A49BC829F9B2F04BCBAFF87BF505C79D175DEA5DD11D03930A4D6240A92C205A237B817538A0854C111D45532F
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1213
                                    Entropy (8bit):7.0379261824916775
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQbeluPmNooCwchdXaB0wypv7nzT5QQDS9TbLbO/:XDFhhKYaV3Jb2uPmqoCwEa+w+vzzT5QM
                                    MD5:13F7EC5185A6120557304324A3A28FE4
                                    SHA1:0A07A99C2B91DBAF76CDF1482ECEE0E36AF38EF7
                                    SHA-256:6E6838BA026C7193EDC98CB12C5F03FFC66D6B1DD146C6965E0A4EAF87575253
                                    SHA-512:1B454C7ECA82E3C87B0EDA6BCA2AAAFD8BE4D5A3AE8E271CBEA88C2722619C83F5D1AB78C48A5EAC5C15A8FE705BB223CC5FBB117B0969AE52C48E67E39D5E26
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1230
                                    Entropy (8bit):7.046901262209346
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQtSa6ugNooCwchdXaB0wypv7nzT+iDG0LbI:XDFhhKYaV3JaugqoCwEa+w+vzzT1Cyk
                                    MD5:71A9333E119FC147E5820DFBEB8E9FE8
                                    SHA1:54F6018E8FBB335613B9548115FF65DA3D2C825F
                                    SHA-256:14217108349FD59D1154CA124D516F538938B4040A577AC47E55CED797201A32
                                    SHA-512:7A67345D78F1CCBDB706EA3BDFCDE5AE78A793BC8B205B666B33BF667BE681A2E454465D8A2E5E5FC174D36285BDB7562634E4B3918C3D63E5E4F3E5DBB4A879
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1213
                                    Entropy (8bit):7.027351203560866
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQdivUIEweJnyVeYTmfVHMhfgXwrPmT7sILosYPxXe/t:XDFhhKYaV3Jd1J+mtHMhewrBuosIxXel
                                    MD5:A27AE99E4062F34A8D0F8C06018AC489
                                    SHA1:91D1CDD27BF63436AD4B795CA45C60086A519DF3
                                    SHA-256:B72DA63A45A532AF53C08B5BDAE075F2F5151E0AD61EA8FEB7DF003694BCE6C0
                                    SHA-512:6C0159491AE931E33630F049CE93A268BA9B6EBA90D66057E238EB9C1654EDF6A683BAEE89F08CEF269A181D2BEAF98D79B2CC34E1BA97E7DD7F4274E4D35993
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1218
                                    Entropy (8bit):7.029187356599049
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQD0j0ArYspJBafrXGSy7Qurzaf5cUmPMPOoIu4:XDFhhKYaV3J4j0AHa2oxxcUmP4OoIu4
                                    MD5:F9F1CD5102752C394BCE9F9AF70BF1AD
                                    SHA1:5DF0D68277D271E884836DF9750B4BC4251DB3D0
                                    SHA-256:5BC0F31D08999D6A2F8BB26C00EF5F74A6C6EF84DC7C9AD5385FFF1A51A4661E
                                    SHA-512:652833D4227063112E233CC61D7D31BC93384CB33E0693964C22AA9CA6AEF0D1E099AFC65934FAE0717CF6ECA754DB341215E23DD40B970778647E96584E2EAA
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1214
                                    Entropy (8bit):7.0444523621419055
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQcjpNrYspJBafrXGSy7Qurzaf5cUmNGOT9a:XDFhhKYaV3JcjvHa2oxxcUmTxa
                                    MD5:5A41B807C2564289C66364FB748FE0DB
                                    SHA1:E2F37A931A74DE0548FEB9C2EF73575331F38831
                                    SHA-256:8A5DFED1B16EE668940C8EB06A65D0C8FBE7D0C65C10ED26B88B60AEF21E6AF3
                                    SHA-512:2D87243A7C4CE555F2F25B9A06D8781F537581B691C27F9B22A54BE43672935AB1A194C5EB8204A1C90C00EF2BB823D2FB04C12B4C7D6C4FE23A13B6E53BF509
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1201
                                    Entropy (8bit):6.987869944226108
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQCVMTmVPGxGJO87xX6HlHkrp4/Lug/2uy3QyXUGtKS:XDFhhKYaV3JCjdJ/oHpg4zj/xsJUpS
                                    MD5:286C8C680ADCB18C9BE6C1430886B638
                                    SHA1:DDBA21F9073F4AE69B3511B9EB368B86903BB09B
                                    SHA-256:8D9E585F0DBD37329AA939F65DBD51CADC1A5C760BA34060FB918995AF27CE4A
                                    SHA-512:46FFFBAF382B873384C4FB27D291FD19BAF0D5F99D78A2DDA6094A972746884C252BF8DC1FC886292A151F20E31ED1DAA31572275DDE3CF394109193C4469E9B
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1229
                                    Entropy (8bit):7.019309325067962
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQvqhKjcSDjI9/62M0a/k0HqZVH1hkPIsbxnOJTJZSUTj:XDFhhKYaV3JXcoq/OH1Hs7BsbkFCT6n
                                    MD5:BB313860223228E394B933977C0585A9
                                    SHA1:E9D63461C42A4D38D7728367D0F0D9EE58715FF1
                                    SHA-256:B3106BD074C3093193FF164EA71457DE885C94BCB65142A45B61EFB421F4CD5C
                                    SHA-512:A70F3517870795A88D422772BAFCC4E4426C61540872FC32FD0A57F20C8D368B53F29812E3F13D2CD68FC3CFB864A36801BE2BD437008A900DA2275EE3C7B5A3
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1232
                                    Entropy (8bit):7.074738566135895
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQhv4o6ThXBC4DcFAiuY8C+ZkdWa7DUxdjDjz0KKg:XDFhhKYaV3JWnVXBC4Diz8ChWYAPz0s
                                    MD5:14DA8F17027789878696260857229081
                                    SHA1:174C0874B6C5DBC65AAAF4CC141A98BF2ADF942A
                                    SHA-256:1A7F2EC7E92BB3BF5C706E847753CC54A9820710C0DA881514E20F560797DBEB
                                    SHA-512:8D7192E1A95F129418C31FAFBFA3FE5E6A123378E9A4394FD857411B835470A64A1689DBD70C926A8B202CC98E4F1B9EEE8D3A8991E0BF22B08715D58B0DBCFB
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1236
                                    Entropy (8bit):7.02692454029315
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQU7+4U6v4zxNSJ1xLpxCN+VJ2LEzYZQ+q2Q7:XDFhhKYaV3JU7+IvRKI
                                    MD5:D74D48257C875E6CF12AC3ABF79869CC
                                    SHA1:C58F961A0CBFA2250B50478F8AF6367972941A78
                                    SHA-256:7E9E13F630FE287AB1A259E90C44259229CD2A140C59649A767D0FD5B05EE816
                                    SHA-512:3B7190C1CB5CF13C75F8D5B9A5D54817E10635102A2928F7CD3C673E94ADAD885DD2A59E14AAAB7EDA5C1C50249C8EC7FAD7A9C0344F912A19A8EEEE92E90B99
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1228
                                    Entropy (8bit):7.022743931343555
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQAjELJjI9/62M0a/k0HqZVH1hkPIsbxAnifmnvubiSdx:XDFhhKYaV3JAgL1q/OH1Hs7BsbPenv2b
                                    MD5:D09651641DE1875DEFF49CA1ABD01D2F
                                    SHA1:952D02CDE0F23BDB1D97E2212E370958CD45E952
                                    SHA-256:26F4071E503B2755BF9031C6D964D9B4C0042A3F17239F465618E20DB9E66DBE
                                    SHA-512:7B430D989C984553065B531943D5A477D908F14B636BFF4EB0F3299A26B148B275BEA929A69999C0F716CEE16494724CF9B75534C4832CCC6FA3425E08A49A3D
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1243
                                    Entropy (8bit):6.992238522231614
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQSwTnefGxGJO87xX6HlHkrp4/Lug/2uy3Ou2Qm:XDFhhKYaV3JBTnyJ/oHpg4zj/xsQ
                                    MD5:E2F4554D7C659436C648F4C71FA6A74F
                                    SHA1:62F283B1B3FBC1AC682777CE90B4027EB34888D3
                                    SHA-256:1434E0B5474530C64BBB74D1C4167C7C226E7F47C1984B06E221C77508BC759B
                                    SHA-512:16DA76263D51A6154DA5EEEB77D41F0A4465E7DACCC7A6A3491DD2723A8A65F3CA50CE917BA3538ECAC727E162D7592B77052E198DE93760F2F573DE01B11AA8
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1232
                                    Entropy (8bit):7.058332668982316
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQmABGnC5KC4DcFAiuY8C+ZkdWa7DUbrckVAd:XDFhhKYaV3JWOKC4Diz8ChWYyctd
                                    MD5:DA9F11D8E801A04C23AC4D3B7C3CFFBD
                                    SHA1:40B9CA3CF4A774761F93048866B232368EC63785
                                    SHA-256:3B6CE80E4EAACCC17C656BD64A2EF55C8A49736E4C766A55410FB7AAC56DF016
                                    SHA-512:49E6FBBF2E416F97F867C3949FACB03AA249BD34F1DCA4BC6EABD4861295B3241976EB9642F03421330AD83C365975A731BE43AA173DEF573A7610E3C9478AC4
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1241
                                    Entropy (8bit):6.9927680610965055
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQAjeZvLjI9/62M0a/k0HqZVH1hkPIsbxCxqVJjjS:XDFhhKYaV3Jtnq/OH1Hs7BsbJS
                                    MD5:8F4A765654CA5422C08DBEE1BC0BD9B9
                                    SHA1:31B3A8AD34BF5DFCA3A2DC2474A9E1BF1DD7117B
                                    SHA-256:3BD65D14B86340FD12B0E47BA08A97A692AE86F83C65C832F711C8A50FAF9487
                                    SHA-512:B79F158C53A747AABEE85651F12A8715AE50BB05711218EBF80116DD9329EF9714D2DF0CD9DFC1F6F11FC93BCDA436F917CFC51A17204B5161B700076098B573
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1227
                                    Entropy (8bit):7.040572543223151
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQt3grSsrf2shjZCcHNmuS39kxzHc8UYtDEyR6kIXb9w4:XDFhhKYaV3Jt+PuCCsm8y8rZElgvE
                                    MD5:2FB6924B6D92B9298B9A9C5CEB1A3EA8
                                    SHA1:FAE53C6156356196680226081F86CB38EBA837C2
                                    SHA-256:45A894C5E731E8CC43201042F9560873CAE9B04B26A01786C2269AC2353F8EFC
                                    SHA-512:A49D6FE9C7341B048D1F0ADEEEF9D53DAE37066D7FBD726FEF0F7FB7E4082C92FAA58C45C669C74434682605CFE44ABB9EFE52A782A00F19CFEB787089F87FA3
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1417
                                    Category:dropped
                                    Size (bytes):1222
                                    Entropy (8bit):7.062897118774239
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ3Z+ThqsspNBGzXmSy7JDpHaf5cUOJjbrwnS2n:XDFhhKYaV3JpH7gzWP6xcUN
                                    MD5:810DB7320C27DFB09C191D5077F0E0DA
                                    SHA1:9EF6512BE3A7F2CF4A1247EAB98F608D6DE3F77E
                                    SHA-256:E36E6023F6B57AAB16CC9EB84FF644CA39B6C8D9944C47D5D9917FF903AC8A4E
                                    SHA-512:4C59EDDE21093980C03F59E0CEDDE5B9D5354645AB5182F3B5553D4C4DEEC426EB1E0597DCAD49F40CF8EAFAE750702949D7F3C873F5B0FF2E18458375F78B73
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1243
                                    Entropy (8bit):7.012388866820575
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQgun1GYVyVeYTmfVHMhfgXwrPmT7sILoYhWfCJs:XDFhhKYaV3J51amtHMhewrBuoYcKi
                                    MD5:430FF499145D30FA8C916AF725701547
                                    SHA1:D565C26BE893C1E0396C164E3418ABEB71D8B408
                                    SHA-256:6A6DA42E4AF088C413ACF17B85BF7CF9A4028B70BFAA2B8624CE90DC883D6D87
                                    SHA-512:25CC9293AFB25261A13441755B5A4E8B167FCFEF304549A3C97A6D6FF8171AE5D8C37185A53895DBFB2B0E14D9B49B8A44F9DE9509F6D10C69693B2D8F8EEB45
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):1239
                                    Entropy (8bit):6.983404234474269
                                    Encrypted:false
                                    SSDEEP:24:XDFushnKs3Y+mea3yc3UQ/dhid4zxNSJ1xLpxCN+VJ2LEzYXH8nIVrY/Xn:XDFhhKYaV3JmdRKXH8nKUXn
                                    MD5:E2B631804782E9D8198409BA2B3E48D6
                                    SHA1:0E446F865431339D714AEFA1826BF3A083118D3F
                                    SHA-256:241DFA7BEA59898FE521825564C824F9480DF2A8C9C2C58D9E28CD5D78AA5D50
                                    SHA-512:EE077D9F49F81E12EC0E5794398020725BA9E179B2E9BCA90C5690A44BB052EF809DF20796488E50F10561AE614FB7636F11CCE7C7CB5EAD7BBA4605CA1F11AC
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):728
                                    Entropy (8bit):7.744838331316132
                                    Encrypted:false
                                    SSDEEP:12:Xv9+hFHIo0kebwyZjUU0Fol/ztTAtB0NOGx2pUlV4NByNif4D/Fg6xTgS7p0O25v:X1+hWGOULFoJpsz0xl+eif4D/F1xTgSW
                                    MD5:65C4BC5FA54A31617B2BE6D51C05DE27
                                    SHA1:E5638AD175723A8595FFC76C545FFC98ACA34AA8
                                    SHA-256:A2B9E31C5152381CD10097FE5ABED9E22F406442521CE2BA9DC277DD4425BE23
                                    SHA-512:52C92553B3453FC840627FEF7298359C621C2F537697942384C8DEBD5475197AB2E35D0000EFD6C8B2B622AADEF7BB10ADEB512CFDD813BC2B7B7F0D1E2F60BD
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):736
                                    Entropy (8bit):7.723599323999286
                                    Encrypted:false
                                    SSDEEP:12:Xfl4XGECZsnHvh7zmxqvczLYy63u0qOakV7+UsZB9ODAIWG/Uvkpi+6BzKH:XN4WnZGpK6Tq+gUsTApwk4KH
                                    MD5:24C1A4078A0B9DFD1E7EF175000BC072
                                    SHA1:1B66A3A74DB48B6B61820E15C971F4F91B08ABEF
                                    SHA-256:4D93B9F092A6B7718500B955926CE53C98368BEC7429DEF99E74A730F2C4A16A
                                    SHA-512:93B1E6BA4F0FC950E0F3C6676B67F48CF706645573FBE459D9D5B51E19BBAA39DB9BADC88C63709907E24862895663F790BE41E18922747E6AE843EA6E8FA99B
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):726
                                    Entropy (8bit):7.707381661077072
                                    Encrypted:false
                                    SSDEEP:12:XMVdAZ1OkScsyBEXfSosbtkdcsEeaSPUiXPRiyWlC5yrL/OUeC+O2YeBEkZxhZ/o:XMVd81OAjp5bFsGeUkiVlkKWCfReB7Eb
                                    MD5:26DDC98DD984EF23F384E50D22F2368D
                                    SHA1:6F7809BC41CB82B7649B311F4FA4BB55DEF9D75E
                                    SHA-256:9A34D694A41723B8FDC15F0795C06E16E80AAC62F4DC6DB84DA3BFE1F3DB5D98
                                    SHA-512:E4EC85A66C4D4A027413F714D2CEE5CF3E032A8466DA310E97DC782540BBDACEC70083BD5D44EFA764CC6933C6DA847223AFB9F6B3914C4091ED297F9D307B01
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):735
                                    Entropy (8bit):7.701373262505341
                                    Encrypted:false
                                    SSDEEP:12:X+fn3+Cd6WTe/LMROoy8wm1JHXYwF5+XHWd1q4LqVja6AZmjIFuU:XpCd6p8HHIxXWTqLjZAZw2
                                    MD5:AA40362E50BAD16310CCD0C9746F66D5
                                    SHA1:A7F004422A8EACE4ABED72ECF5281B2F814D9136
                                    SHA-256:4B89E85E12AB78FC008507CC7F98A56D9815A9478BB7066BA6FF50805BE824D4
                                    SHA-512:7E3954B35E5C91261817601B3089A6814B10FCBA919FEECC4ED7567F0105578ACEDD60CBAB3C3C88E71DAD7F919DFD0451C248CB6D45315E1C14A000450BA397
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):725
                                    Entropy (8bit):7.676678516545476
                                    Encrypted:false
                                    SSDEEP:12:XXvbtPzu9EpiU5TFf2z5exQi8K+RIOEQaqhBOqrQ9JBBF8zhigW2ZH7Ao9+RF7Uz:XXvJbuGpiuTFf2teqG+C3q3Oqcmzh2KX
                                    MD5:FF1692EB387BB0F7C17092DFF79FE2E8
                                    SHA1:8C79915F47258191B0C339CCDDB7EB718A437F40
                                    SHA-256:C62452409FD412FB24AE8FF8AF7CE8282CD1891CD19F0AD196F4E31E91D7986B
                                    SHA-512:71B2486184006DEAAEEE157B44017CF2DE00B6EBAA7544CD3B9DD8FB0EC3E52CC6676C9FBE4F80480C383DABB2B9F857EA444EE2E1F71434982CC34292CACD46
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):731
                                    Entropy (8bit):7.66855892556756
                                    Encrypted:false
                                    SSDEEP:12:X/OwIbtmxmjOG+mexbLqexl086KSxf6BECorIexn/ZN4EzZfoAjLdd9U8d41DYSQ:XDIbtuGQZ+c0aNozxwEz1Vd9U8d4RQ
                                    MD5:F8D6B9E107CFB3BBF56E7F0F7B98F6DA
                                    SHA1:B6E77679BB4380124D64A2D12BDEAF87BE7B8993
                                    SHA-256:31E25479D95F47B7991C057D2C2BE3774E62A67A5D15D25BBCAC85101832093D
                                    SHA-512:47AE46FC399369AE02E7088D87CAE05D1D21D63625AB5FBB2E5B0CE5D0AA9E285DA9B06E385863949D4CA26C4F7CC3A8ACB2AF56E602173E21A3B9A6BA8289FA
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):729
                                    Entropy (8bit):7.654453008443303
                                    Encrypted:false
                                    SSDEEP:12:Xv9+EPlAdn2ScX8wO+7IyoFTdPXynpKlc37YsVkzoRppFx1CYbgjj1JR7f6jQ9a7:X1+r2ZX8wl7I7F5MkKUsVkMRppL1CYbn
                                    MD5:D45730278C7CA9F448844F9C0F2C5347
                                    SHA1:86D7D8B1AF408582806B49815FF47B68ACEF7B87
                                    SHA-256:47BDD60BFA042E08BAFBE2327EEEA564CE969643296BAA33B1C19FFCED96EE1A
                                    SHA-512:97E9302DD1F07B30BE545E2ADE42173632983C47C1F50BC4F738F42FABFE483B847A76505EAA7A994ECC8BA5A8DE8C9B9F31093DA93AABBCC318F2F196BEDB10
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):726
                                    Entropy (8bit):7.72820156378409
                                    Encrypted:false
                                    SSDEEP:12:XIBH9f0d3/Bqdvk20gERofbBXjBm+Za7dL0NdSG117j7jb0mid7I5VILH:XIBdf0l/BXgERcZjBbZaZot17jHWdk5w
                                    MD5:A46BF28AE9CA0E8C4ED08BC7DE7518DD
                                    SHA1:A2CCFBAFCDDC19034E0F651047B7EE0AE858BABE
                                    SHA-256:4F01DEE34A7162D54F95A53E7915462F7552EAFB8A8374C3FC38B19D643227BE
                                    SHA-512:C1B76E0FDC2051FB731C4796D06517CF242A3AC9287FBB6CF0F8871AB68998585B137644297C918A1E18CE99647886182537F02F92D2149AE6FBFBFAF29DDDE5
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):725
                                    Entropy (8bit):7.725963863811352
                                    Encrypted:false
                                    SSDEEP:12:XMOyWuoZxegx8mhLy8J6IKa0ZVsKVBiEuqFC9Op6rWji7qh58U9u8ufg/:XMOu+xtx84Lyc6IslBiEXC9OpO7s5Zug
                                    MD5:E6F761C827FD943C7BFFF99612659527
                                    SHA1:8D95823A97DD576C522CC288C21663E9DC0001C1
                                    SHA-256:7224E2FC9D7E3D38337F4A0E928EF53F30CC13814BCCCE5A046DD06939CA8D87
                                    SHA-512:5B364B758D82B2FA88BDAE05F1254A5D9E4CA903BD8FB7E9E9BFF22B25114A4A05272B7B5149DC8B44709C1EE93481BE41AE7CB7E415DE600BA8CFF3E0DD5C34
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):733
                                    Entropy (8bit):7.7210018916616034
                                    Encrypted:false
                                    SSDEEP:12:Xv9kpiZcECdEN13tsXCwZzw6RM42h0pdsk0tpE8taT59LMcoiGioKgISaWfZ3yHD:X1kvd+196NwEFetpva19YsQ4H83tu7
                                    MD5:837FD7A98EDDCE0F70C795AC46180F35
                                    SHA1:D44671649FD52BC34F1AB30A5ECF8504A4F141B2
                                    SHA-256:D656D2443B40772624CB71775DCB891D6D2AACF3D457DB23F1C2C76B9CF15BFA
                                    SHA-512:3A4C96D1045384993EB98E2890BC126C7A5655E67B90EC61F9859F7A7D208A6FD92B5C0CA762E00D78A371997BCA7A71A8C5EC92E6F505A433B335FBE4AF5975
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):727
                                    Entropy (8bit):7.669690218411782
                                    Encrypted:false
                                    SSDEEP:12:XIh2M2sVqr/DcELYz7bZuNbytX3ShUBTUcI94gNpP1yGKb/Cl9Dti2hk7OCuGNDc:XIhOJAEc/N2ytX3SOTzI94gNpP/9Dt2M
                                    MD5:BCDBC3A66EFFAF33A083537DB5E28542
                                    SHA1:9576A677AD5379134B56C8BCF657416FDF921581
                                    SHA-256:A9B174C71F32BF4267BB7E4DB314128C06EFD9AF2F8EA107B99B1A77E3FC510D
                                    SHA-512:EADD3A52FBA82935E0141FAAAB4ACF0515C3C21C58016CC0242D9E76D59163205DBC3A767560C80B797F5416F4378A34E8075CFD5117707E423196C1E8D0DBAE
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):734
                                    Entropy (8bit):7.778957360418689
                                    Encrypted:false
                                    SSDEEP:12:Xv9+KA8MkYJpJS0lN0adfyS+RH5A4/kVnU2MNhS31AOGpYbExj76GwYA8kdPM7:X1+KxY7J7N006l+nU01rGWbEllwT8ks
                                    MD5:BE72E2128ACD2B60F7EF2ACF517A8956
                                    SHA1:4027A9B3FF97F6083861A0571E30ACE62BB637EF
                                    SHA-256:FF2DE2CCCE4E8C78C0D7336A8FFF95AB46642BA077CE0097F33127ED69F05186
                                    SHA-512:FC9BC3C2038111285ECE5C1954B6E93B17A9F768176FACEF1BD16CD055989A328A454F2C899B20725751D4533E07594AB77FBED97F551C27C493DB2BDDD731BB
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):738
                                    Entropy (8bit):7.692125409516789
                                    Encrypted:false
                                    SSDEEP:12:XLuZFdK5W1TPNgm4rh954TCvYy7W5CMe3+s3aVRw6U7oe1gawLluJPkGBr:XKE5W1ZAhKIjW5CMxI1gawLgJP5r
                                    MD5:DD1183D085778F6BD23A3632799EBFCB
                                    SHA1:650C497E2DC924685846A6852D80B407FE8DB7A1
                                    SHA-256:3D3FC675A647C6304736F38F3CD74411A372082517C3A4BBE01149DC7848B72A
                                    SHA-512:0A7B849B27E785A8E6F5FB8D023F0E5489A56A0DCAB3B9B3D58435ABA4E50651B976AC9902E2EE259B2AA377D78DD4E509CB4CE86D307CE31B914B0793FEDCF1
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):723
                                    Entropy (8bit):7.645279468979766
                                    Encrypted:false
                                    SSDEEP:12:XZdZlSDa5rEgBdSW52VaFguakdPSIzChL6X5DEZ2Hx/pYYpSx4:XZdZlUa5rEgBdSW5Sk9euRRg4
                                    MD5:365A19A665497042C471C9C5DC60A613
                                    SHA1:78EB9A4E529D1919BB852197EED2AF76836524B1
                                    SHA-256:A91C3BEE0A9D71E34DBB83BA58C03055B644ED1DF5C349F8CDE138BCD9026BA7
                                    SHA-512:636531DA0F8FFA3220B86C8AAC0DEB4F95269B2619191E97FF5D2A8D0C8BD5787CAA070FACFB59566CDF4CDDB05624906C7239E1DCE53FBB84E499CD472749FD
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):722
                                    Entropy (8bit):7.685578991653738
                                    Encrypted:false
                                    SSDEEP:12:XP9UL+eia/oScLJHVkoP/dgymSclIu2gCkkSuWTGOhTvOPMAk3cSlmawqcS/umz8:XyyTavcrky/eyhcCu2gdm7SvvcS/Tfiz
                                    MD5:E84FF43F2C2A4D7816C26297BD54B4C0
                                    SHA1:A21FC9B77E2742264DB08001FD7279D6340F747A
                                    SHA-256:F080F0CAE89632639682716AA60933141E185C313227DE182C8D6D6479A4C638
                                    SHA-512:12DD6398E98D6A7652EF6C6723DACC6806BD9B9B8959D65FAAE7F9D904BD50716C2E17F886BA8C318C2B99FFAEE97EC97784F08D0EE9A08081F4BFCA64D8C9F1
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):723
                                    Entropy (8bit):7.6881091504613
                                    Encrypted:false
                                    SSDEEP:12:XrwaLVz++3WficC/kaHIU4R6tkDGQ0eD+hBFAQ44naLbpyf/DzI+gqb8CPPrk:XrwmV+I1cC8us4ODzD+ZAN4naMbzrgqI
                                    MD5:37689EDD93FE74370EEC639612E6761A
                                    SHA1:4656A32981825817686BEE267E7E7609236306E7
                                    SHA-256:D041AAF84613CDA8AAD939D055A1F900E70EDD618147308884350736B5C6BABA
                                    SHA-512:4E8DF523B4B8A91882528DE2F2ADE430FB8B3C47F978F96F4B71CCB4438733A3E22DA8ACF9142CE37A681AE176820DE0BE02E5DAB6F9E29E72BEFEDFD7E673CE
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):727
                                    Entropy (8bit):7.650529939180829
                                    Encrypted:false
                                    SSDEEP:12:X4gsFRi+0Oaucdpfec8LOTudYglA9BJ7inuYP0FsLyzaX59Nqk32O/aMmCN:X6w+XIGc8+udYwSfMc2Uc5z332O/aMt
                                    MD5:3FBD1D63C0F48797C31CAEDC93BCEBC4
                                    SHA1:D0CF0C54A053BFDB5EC34F0636D1E156341D5AD4
                                    SHA-256:69097FC8794D4E8929F0093CF4A146C9337B71E8EBC3E4E840BFA481A373E50A
                                    SHA-512:5DD697FFB3C5D7D18CA634CA2553F9A8FC38B9257CFF8F4A1E5178468F8ED578C3114FBF5776F6F7CD6B876E4E0FEB06D9426E358BCC2438580B959F24FFF892
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):724
                                    Entropy (8bit):7.73598094383542
                                    Encrypted:false
                                    SSDEEP:12:XxYCXZu+/VntyM/wh6IN2Hd5c19Lt1PJ0saerkbNv1jaXoXwqtZXrp2A+/mcvQiY:XxYCXZdyXkzM3PJXTwO4Xwqzrpu/muZY
                                    MD5:CB502828D0FFD8991A20BE1D6C0EF3B2
                                    SHA1:A7C9118F29BFF2E70F1656D85BFFC3D07773080E
                                    SHA-256:BBCD3BB2C6FB763E0CF3CBDE91A7258DC558055025E6C1A70E76E1D069F651DF
                                    SHA-512:6992DC5B2DB47AB2CEC375BF77F6431AFA4E0FD947C4F09B589EEA802C6AFCCF9B10687C3A8DD39EBB60586CB833A62435CE501A2533AF394E49509804F94654
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):739
                                    Entropy (8bit):7.661472594398708
                                    Encrypted:false
                                    SSDEEP:12:XZtTK3Vsji/ErX5OQODD2mlExcBwNGLOWv/FyUSQX4sG41IFJ2VSEqdc1s3mY7QZ:XZtelytrUhFvqcH3rSFDFwVPqS1sWBH5
                                    MD5:E511D3E99E2A89D391CE9115C64E6ABC
                                    SHA1:A9DE6750FB5F6B4328291DDAA8C6CD564599D2E3
                                    SHA-256:3ADC5EE55C640E552B8D41CAD17882B05CA06EF093201984675024F504DA7052
                                    SHA-512:750DA65372F821E4605D484ABD79ED88BEFB45A4492A336A7A685E38253C10A1E9724B137FCF910A7D05C8CEDA2DE33C47B3CE2840691A277ACC038EF9AEC58E
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):725
                                    Entropy (8bit):7.690694380531414
                                    Encrypted:false
                                    SSDEEP:12:X7+5EMoQPiCIs3wr2mcE1wr5Hmjuqw5d1n/5mGsH4q5I8AIkCi/saCSOyqHB1l0s:X7+5E+avVamcAwEfCnxmGcI8o/saYNlL
                                    MD5:5FB02CE91A75F382496688C98CAC91F6
                                    SHA1:FAAE85C3C58BB82C4A2F5CDE756FB6C08CF2A5C0
                                    SHA-256:074F46C7BC88D105B97019504A51E7DC5EE8D4E3BE4DA29DB1DACB06E5FF9EB1
                                    SHA-512:3B5C1D5DEC76F5E0E80B4B30AC4703BE92D1D68DC5B253487E1C34F8A1F586E5323B89C3F4B0F231C1C3038845EA1FDA006C510BDEBBBD23E8264821B6E9A222
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):730
                                    Entropy (8bit):7.699704325893552
                                    Encrypted:false
                                    SSDEEP:12:Xid5Q6QeDoB+o3IzCMcgyqza1lUlqcfVbrOFbvT6ocR1o4ABinxmZpXTKEMz8k1g:XEQ6Qe07YzMgyqzTqAnOtuntABemZ5GE
                                    MD5:E8D4AD79B93208A7D4CC482202505EE0
                                    SHA1:1EC7CDAEC1A1169524256CFBF11D2EFAF91719DF
                                    SHA-256:B9D78A713B3D9AF5AAFD223BE43E94ADFFE4104465266F4DEE1BF366D8AE5A55
                                    SHA-512:D40E97AED74CB89B23B16E9EBF8A9C9C40BCF39493D09FEDB268DA43EB55D3DCC6EF3BA43931E86F6635265A308ABF59D20DEB6D0D98106CBEF6FF4F12DC94FD
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):736
                                    Entropy (8bit):7.728179643224571
                                    Encrypted:false
                                    SSDEEP:12:Xv9+Fptq+7SbK+mN9ELfS++xVEQBhyFefCgW3s8Xcbr8UX12wRlQjBB49VmSIoYo:X1+FptF7Z+BLK1VEQm1PqrbFxoX49Acz
                                    MD5:3A43A9EDDF8E3F2BB4D9A4C4FE07EA22
                                    SHA1:D5980927FF0B753A2BA82831B3D3071AD3529F13
                                    SHA-256:AF2EDCA8FBB30BA699BB9F726D0BE3A47D29D073DE9679840BD340BF7C43EDC9
                                    SHA-512:6A44A9A120011E01B0099396358C81338B20C9E0857C4A756AD5C4C3D59586B328BAC50EF4156A5606B5ABD5CBF40B5F6F3058D22729C47C19D84DA7D0CB3A6F
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):736
                                    Entropy (8bit):7.730537438732055
                                    Encrypted:false
                                    SSDEEP:12:XjtiIB4KMG8YP8NGz4SX8076lUD0wAyTP0a06b6EcG0PwVR2INdCNwKvW4BY3vKw:XjtrnMGfP8NGNT6lK0CYaqG0PQ2qdOwL
                                    MD5:D74967730BD11E141643EC9930F266E4
                                    SHA1:84C46C5320DDC637B0FD512FAC91BF8CC4F894AD
                                    SHA-256:1C71C4B99436F080D6E9B17869BB69803BC45AE9FF1CC994C0C80A6B71B5F443
                                    SHA-512:0F43E349D40D4FAFEF7781C28C5B5FA7D5D16A4BFC399895E8345786857D3A3E5C49B1C9EAE9B791A49C7A4C0F3F66D754BDE368071EE3FC69A764AAF31C80C8
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):726
                                    Entropy (8bit):7.663011138475739
                                    Encrypted:false
                                    SSDEEP:12:Xv9ggM0ZsOde4Hi8L1tFJd7RH2mJ5gQytXhciy2+k/345s9OY9jgQlYN+:X1ggM0eQlxZjVB5gQOZP99OY9ELA
                                    MD5:E56657AF6CE9EC0EB0109EC9600BA5B5
                                    SHA1:A0340C93F2F7F75F49D21D0B647EC70E89D70367
                                    SHA-256:CF8F0559EA6C57605A46E58CB3448F06AFC584F78695F0CE88F7CEED697870C9
                                    SHA-512:1FD9EBBDA32AF92740309B953655778B9142F9100AFA0B7BFB9270E04FE755C3C2D51DAFE4909290948D7AA157D89BB7518F1FAFFEE45F0AE556564F4FEDFB0D
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):734
                                    Entropy (8bit):7.7042243410601206
                                    Encrypted:false
                                    SSDEEP:12:XIUGCwhPjxiN7g8FFcuFWddb5H0CASTKGJkuaigM9fOMNZugK0n:XIU1whPjcMcFBFWnbBnGDIVkeZHK0
                                    MD5:B64809A74303C7C1BD6E127730D4DC44
                                    SHA1:F8FC8F946521BBF562ACE8D9055701D6992094EA
                                    SHA-256:EBE150E39F540EA60B55D440E98598B678F04635D52E83D0FC2425D832CD6F71
                                    SHA-512:58D78B61BAD5BE27CFEE602335FD0FCCD178203B74AE7E3965298028E3C005A516B50DFD1D63C32EA019566AACCE6C922A61E3F4CA905D2E2A88D7CBFC43EA4E
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):738
                                    Entropy (8bit):7.691214581338291
                                    Encrypted:false
                                    SSDEEP:12:XKEZldPpmdiRw8vvIvB7gfdoVwgf9sstg8UmzpalkqrjQT7IxK0Tt/NeU:XKqdUuNHIvK103S0gAYWoQ3IxK0TJ4U
                                    MD5:0201537D0DBCA15A1B60B10592426236
                                    SHA1:C47BAC8A4E8AF3B210B7A8AE3AB1A3AAD4E9AF15
                                    SHA-256:CB983C8BE9E6C8AD6B1EFE823064870778D4CB6A99FAFB461AE567392F40E441
                                    SHA-512:AE843A749BBE71185E9B1FDC2F5944141B76E418F6A953025408B206F0DF1B2631EA52656AC363D3D0A502DF255CC700493549FF2CFEA1655BEE0F46C3B68DD5
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):735
                                    Entropy (8bit):7.7276718316726765
                                    Encrypted:false
                                    SSDEEP:12:Xzn4i/evoKUUBxtVQS9hV+bkuxQ6KKU14lNw0FbvyBONabjUeKExH7xEl:Xz4iGvorAx7p9T+jQpKUcw0EIN6jULE0
                                    MD5:2BDC9C237158CF241B07E9E8482B96CA
                                    SHA1:C661D7F862F0512CA1A5BF5BB44A5A39242C5066
                                    SHA-256:D572C91CD99F8E0E1B14863B04722A1082D2DEEDB8377D421057B686E6C76EB9
                                    SHA-512:F3D1B410CDB4E915991ECDEA8FCFFED63E2B5ED417B88D22E5D15B9B7414D1BBE9018D38FA030B6502A08B3E6AC3C7C40C91C873C856636C3A59E0AF8AF5CFF0
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):722
                                    Entropy (8bit):7.6915639495458406
                                    Encrypted:false
                                    SSDEEP:12:XCWzOn4uHHTWusdPj7qTK5wX0fbKLLThpSzecn1ud+2pVmPIo73E6WQX:XCYRuHzHgiTKOuU/hgzecn8dXDDOX
                                    MD5:FA6DF9F35EF567C4F58808C58EDD3369
                                    SHA1:3F54B7555D6B378D7A227BD12A58FF50EA313552
                                    SHA-256:88A9E487C44A05408ABFD0D423D7E3D99C1D4B89802BA786421031A8DA0AA234
                                    SHA-512:EC697E66B65DD422B81712685DF417C19ACBF4EC1D683EB8946867E4FB4ED99245C2CEDBD09698220076D3CE9712D02C501D52E70FD4104FD5DC9772D2A6A484
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):720
                                    Entropy (8bit):7.728468702091026
                                    Encrypted:false
                                    SSDEEP:12:XGRjyGumPias3dMoe8rT+TetLwCxjiCVf37GVo2VcZNDHFyfmUe/cbVavizI1G:XGpW37LhPxGCVGo2yZwl/bVzzIE
                                    MD5:B001AC12F3FA94F91A0E59F16E56C3AB
                                    SHA1:3E7975E3633B30F9CDF894770B7A1C3BA64275D1
                                    SHA-256:62C6D73AC836547A33F5FB76A8367CB0A6601C1F749593869926F63621DF1B0E
                                    SHA-512:8F394DADD7678825AF3BF8D6AE1CCB428F79534523DF57DE6E11B8E26083B0A394EAAC2A2B026653E59819557BC8FC3060C9AF4034A185B975EFEFE6B40CE5B9
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):723
                                    Entropy (8bit):7.697426444734248
                                    Encrypted:false
                                    SSDEEP:12:XjtcV5zHd++pazMyhTzqZp/CuKgsc3qeHcrk82OdHmz1o/aBCW/jG/DzdhH9cl:XjtcTzg+pazMyh6qu73ZHidwZ/jMNN9U
                                    MD5:3ED2C39D6D87D570682E6B142067AA5D
                                    SHA1:D1D9A1644BA1552D35136AEA2CC9003C4DB3B75A
                                    SHA-256:BCA1586649035E038A4E288329FC4ED75BECB91F8968A23E8C71335CD20F0522
                                    SHA-512:19D5B0ABCB350EFA37312D7ABA4C34C42993930F36074F05756326EB85492A768A16051A7F21906AE92A710E14699844D311F86D549E6BE052708476BF4663DB
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):720
                                    Entropy (8bit):7.733130058209454
                                    Encrypted:false
                                    SSDEEP:12:Xv9ICH4q8L6OT61/f1DQJxKQzGXAZxe8Q3hL3+5zWtA6XBF7yc9cfODR23vn:X1IVq8L6OSkJxjmAZxy3NsWe6xxy+u0S
                                    MD5:8C7F28BA0CD998830CF28033BDF30336
                                    SHA1:F954AF238E060BCDCC096C45437B56F628915F14
                                    SHA-256:5C0CF5405ADF5C013F94AEC7FCED1F83962E3CDD6D33012001D01DC498FF8198
                                    SHA-512:5FC3EF7FAD76766A21B867E206F3C91EF33CD431B1C7885A35BCC5BA5BDCB78EEAB8142220AF117520170C4FE34C830F5D98F12A30E3C9B17EAA1275CF044999
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):723
                                    Entropy (8bit):7.682291748302561
                                    Encrypted:false
                                    SSDEEP:12:Xkcoxkvgcq194wVvwbQMCvbXmpeXol5JH3Tuq8zOauf54seH8FIjxPxmgs7kNodh:X/S1pIQzWkO1juvOR67XxPVs7kNo+g
                                    MD5:A53FCD3295188B0B3D3C090E7C4DCFF2
                                    SHA1:5611053E5DC5B7270B51A15C8FEBB5734F923E09
                                    SHA-256:01291F270D65783F0E6EE364D5D4B5B82502D387E7D2E111FCB7085869A837AB
                                    SHA-512:B52F0E8529E60392810C90E022B7D69FEE5B249909FB6CBA0AE3F57E110AB78D4C0A5D0E6881CB64F61CEF3A0578C480EE0EB97C1A17779F241C6A2CEA925F96
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):734
                                    Entropy (8bit):7.665396167988646
                                    Encrypted:false
                                    SSDEEP:12:X9zJ++bal44/Dwo1ZovUYr79c8qkVx14WSZOjz49y/sgbgA5lmJFGlnwq:XNwzl1co1WvB9KcxKFZ5OtgA58FGRT
                                    MD5:DFE14136ACE9088E1F480B2DEAC1F194
                                    SHA1:CB353EE61074F598D93A50F38B3637DA870CBC06
                                    SHA-256:EA59AE43A7AED5771CB3D9F46CA5D40976C0C6BC946EF427B398D08B020138C3
                                    SHA-512:56E13C3C43C273B3804101B397D3E7B177E9194085436DFC645DEC387E51F5B4064085281310DF0C54AA7F68758863C92969D75145F63F48D212B04CB28B2769
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):734
                                    Entropy (8bit):7.695656348109879
                                    Encrypted:false
                                    SSDEEP:12:XkN8Z6lIc5RKe0Htz42sinp3cb7HIthw7DkRw7ntnQgE6QK+R/WCMM/P8JSNO1Xu:XkN8ZkISRF0HtzBz3cbEIDkQntnQg/QH
                                    MD5:88237B2019CB0ED22401EBDE9AE1D9C2
                                    SHA1:2540B33EA27E07634FF87ADCCA4E9B99D345CB53
                                    SHA-256:E6B415A7737E07E74D6A94798F8CC9DFE81FBC43380C116AAFE8F0E4DF8669C5
                                    SHA-512:40BE84F4AE97FC0811E653E4F4785A71796AA37202A303AD575890798073410A3296F9EBD9D7C2AA6AE3A6FB2CAA2394CE1F093691D469D6C23E5648A7992914
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):725
                                    Entropy (8bit):7.693229331365368
                                    Encrypted:false
                                    SSDEEP:12:X/m4oUjznlB73QQv2wc6Z7RRkyzAlv0+AziAzpZ7FEuLqtxl:XeYHj7BU6Z78fvXG7CLxl
                                    MD5:516DB3D0B42F9B8DA93B3102E8AEBA02
                                    SHA1:51AF93171EE32D24DA1DC9FB559ED1C83E153BA2
                                    SHA-256:2B3503857B59974C3E33DF583EB2D0E36844C8C57F6D80A3A25DAB26F901C8A8
                                    SHA-512:C504C1CB723A624CF3FC6B5D3F51773AF54E5EB5C53B551FEE334352C2420D087D234E3DAB95720C870E13B04400DFBDBB6EEC3C917AF5A07BCA949921B88BC8
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):710
                                    Entropy (8bit):7.645971303371302
                                    Encrypted:false
                                    SSDEEP:12:XiPxrAHIiQRPVp3d+GgusqXjH+EMwD29vZenKgH7sHhVHZeemIVRB7j3gn:XiPxcHIHdLPXjHAQKgH7sleMTI
                                    MD5:3CDE9084B5551874C84A9791CEF7E75B
                                    SHA1:2C6FF0AA1EA02BC47516687145C8CA1F0E427851
                                    SHA-256:88BF08B7FE4043C30DB16F47D1EBBC605A08AC4E9E2AF43FBD6B1E39D414E89E
                                    SHA-512:5275D20168D0478BD1672B80BB9F3FB22D385251BF46C0891CE8FEE7BF7B8276B234AE030068201A1488F12CE5BAC7C4330DB20F75227B25BC2EE2C53056535E
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):698
                                    Entropy (8bit):7.6821284387189
                                    Encrypted:false
                                    SSDEEP:12:XVE42+/obt28gAJa+Z2UJQc6BMlliBW10mdi1pDoxyDE5LgzmicGORPgn:Xi+/MOAhnQLMlliW10Ai1ley0L4cGCPg
                                    MD5:D0B1E56B70E8DD77407CBF9CA3C1451D
                                    SHA1:C9898847A4E4FB73E5D483AB3BDED1489B32DC9D
                                    SHA-256:8EB96A9C7844CCA02FB410FF20B489E74D2D94279089EA6427B5D860AD25AD7E
                                    SHA-512:1916923AA89E000ECB70ED14506943AB602D960985B1DB3D86191A1282F8C67A4805F4032A766DDE52F04C0D500F7D18A8E2B27508A8E563B4171C1A23A29961
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):716
                                    Entropy (8bit):7.684858231445006
                                    Encrypted:false
                                    SSDEEP:12:XlvoT/j1TAPdeXCEqivE6wYL1hMz8IAy4zNh/dKfvq6lTW9fbKn3G2A7:XlObWuTFb1yyIX9lyR2A7
                                    MD5:3042F430AD65A7ABE035A94ACFFEBB1F
                                    SHA1:B8D9EEE35D7E0B68C4C9DB3F54BEA7AB694B0E08
                                    SHA-256:172C72D5EB3C9846C8A4384E07DC6C4197B9FD48B2B6CB3DCE2BBD3453493413
                                    SHA-512:C849C791D637ABAFC5B17B3BBA8AF9CD16BCF34614EEBD70E6F1E0C96605CAF8557B682065EE91F64E5E54AF327F6606536072DF12C473AB0F7B4E15473C0227
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):718
                                    Entropy (8bit):7.666717071632614
                                    Encrypted:false
                                    SSDEEP:12:Xv9LYkSVnv7PSSYoHn3aj0uNy2YkOH1AX2ppVmOO/UXwCmY8zn0UJX97T/1YyAwE:X1c5RP15HKjjNLYkOamvVIsXvm9Vd97g
                                    MD5:5DD7B5C596527668404B05AF92A4EF52
                                    SHA1:F1D0222692023AAE4175ED4198DCCD565AE41ADB
                                    SHA-256:30F9C354D2839B4D738FA127589ADEA49B45D3074638876DC20A1828456360DB
                                    SHA-512:A3B91D49147C367C53F0B1C112F36D05F90BB786EE3F20E02BCBA70CAA519387740DE113B11CD24FAC1085754115C3B5865009AB1F3DC07D890543FF5E1FD5D3
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):703
                                    Entropy (8bit):7.70991115498731
                                    Encrypted:false
                                    SSDEEP:12:XVEkOooo3f6xYQlCBNLBBBW+1Xom1p10w3HSLycMbpJYPZWo5Ht4t676wVhws/:XdOoB6xK1W+1XFjGw3HEMbbkL6wMs/
                                    MD5:A8981449FE77F9BE22FB66FEAD0CE42E
                                    SHA1:BAE23AD3405B2EA55BB46EC0A0A3DD37A95BF93F
                                    SHA-256:8FAA9D32DDB0524A3ACB5A711408794CFC54C3F4EDCE1CBD96AABF6E07D236FB
                                    SHA-512:FE6F3511461D194E1CC67F46A95AE4260DCD0EDF68B2B4604F4C17338882D8D83B1C4DB2A7C63EA11B0D2F148BCB0A3093696403D788B126F4C58CF8E4450BEF
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):711
                                    Entropy (8bit):7.688737742822584
                                    Encrypted:false
                                    SSDEEP:12:XyYY49dHIq636Pkie0Og/3RS72VAZ/syGg9+PpPZYIBMWwh+Cgl:XyYnBIF36PkTFldmPFZYIKWNZl
                                    MD5:9B15B1EC44BE9BF866D0A6D456C3A430
                                    SHA1:EA0A7F7487E297E5CE3314BFE86EC57131FE3885
                                    SHA-256:3A7A3328888FD5769C75A836759A4500E14CCDF607749DEEF6035DE588DE9474
                                    SHA-512:FCE64EBBA1D93DC97DBFA5E84028061CEC5E615C5AAAE092C3CAECBD458466A532705FD44A5513A5FDD8B3634DD24DE288E052E2ADE14680945407C7D1454A6E
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):708
                                    Entropy (8bit):7.672159045579596
                                    Encrypted:false
                                    SSDEEP:12:XUzQE4nE+tpGg3dycFV18LhtaThotWQLTw+j/dJwiMP3cO0hoFfFdUAeAmTI:XUWl/GY18LhC2tWWTnMBP3iCkTI
                                    MD5:4990E6B3E85F116C45E3794320AFFA4C
                                    SHA1:7769003D1720FCE93EC6B61680C2E8A4984266CB
                                    SHA-256:2B293E68F6F661F367CE7C1331E939C514EDB8854194E9C7B427EDB7CD497BF2
                                    SHA-512:019D99C4C717EC2DB7CF33B81D0CE745BBDA9893D1CFAF6090AEAD86E590617A29D6B86B134CA2D8F8F61A652BFEFCC3E1AEDB0F23B4CE5006BCEA3001B580A7
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):724
                                    Entropy (8bit):7.6947268767239425
                                    Encrypted:false
                                    SSDEEP:12:Xv9Xj1msqOnYWsonfj0MRflChD2o3C0YDoRdFWcQrgC8A1zJ6Z/CbEi7xoGtXahV:X1X0anYronfB42o3CEfWcQUCbb6Z/Cgr
                                    MD5:04B5A6C29A780A0217C2AD9D9296D3CF
                                    SHA1:9844BAE0AD2F9B23282C7352D7D5501918B9B633
                                    SHA-256:37CE48C19A0813241CBEC7603091ECE45B33966272F33997A939A3FADC2B0DDD
                                    SHA-512:D80F2D5F56E769C8980A4FF7E5A787FA45522333A844224273EA66A3680626BDBDA3A4F634FBFE70C0625916499612AF91282564044D30AB97A7A827ACBF6B1E
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):714
                                    Entropy (8bit):7.679221400614803
                                    Encrypted:false
                                    SSDEEP:12:Xv9rVsxO2ODiu5jCuSOgZ00E0gBjlIXFlE+8EOnuY502PmrPgIcGYWMWVygZTNhe:X1rG8+GxqY+8puYS2PA1cGhMWVRH5vG
                                    MD5:886C819F6437D219A58ECD970BFD14BD
                                    SHA1:296EEC24B88D24D954AF3DA0CCBC60DC8BBACC4A
                                    SHA-256:6182DFBB7449781F9232C73B463F7D27F2E04F26B054A0A6EDDA862FBBB34D0A
                                    SHA-512:9553B0675456DEAB796100073FBD101E5F929759C0A3D0A582D2575D5C0673DE38DC267B5687495114B9B8AA9D79A623B6188DEE4B9183ADCF8CB55937243E68
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):728
                                    Entropy (8bit):7.696697403022451
                                    Encrypted:false
                                    SSDEEP:12:XHI2CwRFMVUiZfa1coOP5qldcfaUUKYgzPCIXWL0hOgNyfLMj7J8LZxk+A+Nj3Kl:XHI2CwRFUUiGeqldAauDWYOtfL3xZA+Q
                                    MD5:DB7F35C12EDC8703DFFE8804A0EADE3D
                                    SHA1:5DB6AE90F6DAB95D54FBBEA22F608170C4864427
                                    SHA-256:955FBE948BA2D10B29F8DACABE09BDF3BC9E90C29DE6E24502767FA80C2E992C
                                    SHA-512:564FF193A34AA743C0A8A612F889A43A9A19D1F77314C1E8E6B1AC4A3EAEDD65575590B6E01B2CED37DB6522652C5BE692302454F993385F8AB1E3CE691D1C16
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):738
                                    Entropy (8bit):7.719869424464713
                                    Encrypted:false
                                    SSDEEP:12:Xv9LCkovoUQ9P9Zun1PZEI9OX0kOjilXzyMUNPph5BQsG/wcD9y/Iyh1BJ+/8ll:X1GfQB9Qn1Pb9OWiD5UNPv5B7cD9x5E/
                                    MD5:B00220BF224CAE10E7037C84D45F6FD2
                                    SHA1:EA034B2F68A867BA416845A90C6D701CA7AC2503
                                    SHA-256:AA26F7E668AD64F5E8CA66548E7A2B8B0F257DC87C609368CF00B3AA5976BE9B
                                    SHA-512:E8BDBD34ECBDC6F961428DFF55AD525794D65FF00CA9263CA9AA4DF6B1536DE1F871AAAFCA8B9C2169E42822656B01BA1148E72AEF30E18C478D55D35F1A11D1
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):738
                                    Entropy (8bit):7.686102036363411
                                    Encrypted:false
                                    SSDEEP:12:XIUkrCGNl39qD++3g532fEWZ81fLubSuOVEJwJax2kMhgU/ZQg//dZJa:XI/TiH42EG81KbSuOV9axS6URQg/d3a
                                    MD5:1DE0916F76119CB3D7E7B0CDBDA26614
                                    SHA1:F04F4AC52BB79849005FE4B71987BC531D2B855E
                                    SHA-256:739EC7D59C3AACB39777FF91E72D8E7F601861D921E5B0D536E016C2CA12D81C
                                    SHA-512:8AB2D47B2843067B3240BD1C331E60F05EF12C3A3D6C51BF5A13879332C0B37D4F9F457058F1AF3A9F5A2BA6485FC68FF491E675D65A71185F8244715CD6021B
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):739
                                    Entropy (8bit):7.68554724487896
                                    Encrypted:false
                                    SSDEEP:12:XzkupZ4SocrNvKXPM2i1SCYJUpvOtFvm+JBNcEhurHu/2SuLWq3XadXYtFVsfDyY:Xz9pxocrNvKXPTiuJes6EhY01innYXeW
                                    MD5:3DAD9DF11DB12E656C098E49158756FF
                                    SHA1:409D45B6628478E32F91F25CFD08C82FD338F20E
                                    SHA-256:1783C3EA16089C6692019EF6DADDCEC68B78AAD9E90F274DF382AF769C133BA5
                                    SHA-512:9F6527E3C740B1C695C4C015F8907A94E8D7805BC4759B5A5A25BB38A3942461BF3FF1F0B5118FB19701FA5728DB888880731C7FE5192C5369D6AA323AF48FB6
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):734
                                    Entropy (8bit):7.695587538347959
                                    Encrypted:false
                                    SSDEEP:12:Xv9LqY9ZGyHCgQo68jiOn0SJ/2yncCxWPewZLftCV98DcBmvee8Bey8BHpOSycfM:X1OY9ZGq5Qf8jiihiyEDzcBzVBVQ8SDU
                                    MD5:912A81BF2D3A983EC40030DA2B13C1C6
                                    SHA1:6FD82B923E3E2A46A15CE591A02E617563626FDF
                                    SHA-256:FFF709EB116D81A53434C1DAB2494CACEB56E580D8CFCCAF3317E49B5A65C882
                                    SHA-512:C91EA518B8FFEFB74FE85010BAC67078B13A4A059B0B364A53F48ABB6D2125371C0389EB496A9586702A88C008CC75BB79FBB3428638A6F1D5B99C4E07D9C1B4
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):745
                                    Entropy (8bit):7.710499043375526
                                    Encrypted:false
                                    SSDEEP:12:XhZF6uNrPPKylCGVg2StZU//Up845mIzABpXcTB/6acP:XMAxlPg/YUp845fcpaZ6acP
                                    MD5:963DECFFA30FF339F4D119025B18BD84
                                    SHA1:14E2C83F43B2E4C1BBB662CE1F62650CBA613E9B
                                    SHA-256:27C836951FB068C4022FFBABA679121CA46122D2D73B976F966FB916B649AFA1
                                    SHA-512:652B8AEC24ACC1B5BD11A6DCF43D2346D986E885F091D9933C1CF23C5E6EB5546369492D8466E74418047F6EBE741F47F227039D2DE497D6E141D631736CEB02
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):734
                                    Entropy (8bit):7.68248200756813
                                    Encrypted:false
                                    SSDEEP:12:Xv9uyjh43XtCSrsXY+WksCVt6KG5xq042YhQ7BTc7+XY42ti680YT4TlUF+HOpt/:X1/jmFrsXrHsCVt1G5xqthQ7pc2YGJEU
                                    MD5:98D499EA1DE8641A663152CA771AE7FC
                                    SHA1:0D5D87BDA6DA3B0D1DC407A05769432F55BC15DE
                                    SHA-256:4A159469D4C486DE2B94888EB7EC47C2C64DC3F2302C4A5C8B43555EE3771C53
                                    SHA-512:CC81513B8708D5FDF4ABDF74B81691685AAA25D8FF2CF43C77001127FE4FE12AFB12C05BF0F45774F575D90B316C8CF1DCAB063729597E4F2286272E767B7574
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):735
                                    Entropy (8bit):7.728438424812027
                                    Encrypted:false
                                    SSDEEP:12:XIvGqX0rQY8RDz3j3ffNg11IDltQwGxMbqX+K2OFC34nua7qjzpuNMf8kCDzG/n:XIv9X0rQY8RPbffq1IDIfMqXSOpua7qB
                                    MD5:283F3697E1EAF889A887FAEA496D5FA1
                                    SHA1:BB031093535D8DB3FA0FB53838E5FD7BD81D9CFF
                                    SHA-256:C4DCC6009B35C8A47D1EE7C99068466C82E811CBDD4B9A700AF3ECDDFDFBCA6C
                                    SHA-512:B9C31CAB2E2BFB9B3364F8526CCBAB520352445FBB561F5273D2B854A2180558BD1FD6B038377385299321804D968FE1A4EAF2B4F693D8DB3103A756CDF4C893
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):732
                                    Entropy (8bit):7.70210254833098
                                    Encrypted:false
                                    SSDEEP:12:XMgSjCcSFcl6f3VHw2wZe4FcT7tIItWdzqoz9x3L2Ym7aLB3VVdt/qKnZtR:XMHjC3c0d4FA552d9xyYm7A3VdNxp
                                    MD5:1F36C329FF4D487F69C13551631DE3E3
                                    SHA1:83293617178508F0FCB5FA10C658C9860EF335D5
                                    SHA-256:B5D92AACE9FFFC9EA04FB7A3A48EAF52767356205AE1DE6946A838AEB541A0A7
                                    SHA-512:65A30BD03BA50E5ADB5F6DB01899DE2CD8420F21769B0319AD071D81BE79919D77F32462E0FD51A4EC3E6FB05E9CC5E94CFDB3B126B51B37B52F64D0579B17BF
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):744
                                    Entropy (8bit):7.715909644469863
                                    Encrypted:false
                                    SSDEEP:12:XIMmYl4/175p5fY8n+MliLcOdVwdHFZ+b2v+Bt485hCjlqHu4jBOE3NjDp44T/zn:XInYu/t5PfY8Y3YdHK2v+BqboOSthDDn
                                    MD5:E8F1C649DC9B27E187A4B639F418C1D3
                                    SHA1:0A50AE8117ECF4544D38F49DC44FEA66CE796AFF
                                    SHA-256:661FDE9A5585B336AFB4B27D700EC4CACBFF6F069A555D4D034BC8261CF59AB1
                                    SHA-512:BC82CA98272CEBD5209850330B733F65AE369E20C6CFFFFE473FA387A0657366556568DF6066243332FE5CF1AFE79B7C4EDE9351225C4FEB935735FA20F0F1FC
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):734
                                    Entropy (8bit):7.697827200230793
                                    Encrypted:false
                                    SSDEEP:12:XEVX+UVuTzksm1t9U3BU+p9QcT6BKmQs+yJCJ7jD6eygN8ZA+48bmvUZk8FZizQF:XE9+UVuTutu3Brp9JTEbQ7+u/eguu8ys
                                    MD5:6712238945079488A1CF866D5DE230A9
                                    SHA1:4088FA7575EA926D2DF632C97C17FCA1F661419B
                                    SHA-256:2EC27890C4515482E6FDE14271E67386C52584F66A705FE7EDC615406D19AF41
                                    SHA-512:D262ED33477FCFB9ECAD8221AF8882BFC409C34951FDAFF90FE7DAB796037128ADB4179E55458D5A00D17B169945EBAD86D969F97A1AD1B106A7899F032488EC
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):751
                                    Entropy (8bit):7.760374802043902
                                    Encrypted:false
                                    SSDEEP:12:XvWXKzuEjFRQSjy1fan5Geu6A3dt+HzVlCGwc3qpqoMUYpb313OFFjurcNb2rA:XeqjrQKS25du6Adt+iGwXpqoUpDooE2s
                                    MD5:D74663CAA7C636098623FF86A5E4BFC2
                                    SHA1:123CDD1F823BB7A2C8E044279F2C2D805AA3CFB4
                                    SHA-256:7061B231EBCF1376AE8F2DA387B12507FA9BD7747D04ACD41793D2D6C0DB33EB
                                    SHA-512:479EC5277542DD6D5CE28EBD9CA0884FDC04B30D605397E5A60F087C68EA9B8CA331D13A9FD2DFCD046F19CBEA6E4209988D914F86A2D85D99A7E6D16E53092E
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):740
                                    Entropy (8bit):7.733876695943081
                                    Encrypted:false
                                    SSDEEP:12:Xv9+X1CIthDv4WW6EcRHuvQaPUMi7NWJ9R4sHZJsMxCQf+2qQrSJdI5VfBq0m:X1+lCIthrpROIMi6OsH3V5f+23SJd4VC
                                    MD5:0D6B625963835DF19E69717E14DCD9B0
                                    SHA1:7DCFF7ECBFA723A649B28582D07402AD6AF85B51
                                    SHA-256:FB554DF88BF2DE54A43A8BC4CCAF22E3BFC8E46031385EA0D5D9B93C0635CCEA
                                    SHA-512:012D6BFAA79DB0128F7244C82BCD7E3224568D79250C5ACC7771F263408C6B491458430E8798FD83F5E2ACF4BFCA1D8D449B6085B336DE966579CEA6F3222111
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):742
                                    Entropy (8bit):7.7480832924023995
                                    Encrypted:false
                                    SSDEEP:12:X4R7fQY+5dt9WQTSM2e0t/D1QQ9eQdJr1bQ7/6/4W8r+Ybex9FlIuUJuWQ0XkMa5:X4RjQYkNSMy739nlZ26wW+S9RUQKfaik
                                    MD5:76764F2B412A1B841514952905849F92
                                    SHA1:58A977EBB3535F98F160D40D6BA1EA8FE960AE46
                                    SHA-256:E77A532C92EE38267194C041305660F89DC90A6AF33F3A158670B9395630E51E
                                    SHA-512:4E4143A3EE403BCC45C00CAEA586F7D0842919F9E1C4D66795F649D25EDED22961D377CB239B1EF52265B8842ABBB1FB35B0B8F2177B9254C24D2D0CF4A1487F
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):741
                                    Entropy (8bit):7.686110263556316
                                    Encrypted:false
                                    SSDEEP:12:XvAlVtSNQeRktVrWENw5YLm+giKxBsphAwraWukXXQq2ioQ1NLTr+w0sXfo6PP9B:XCVJeRqaENw5wUfuTd3F25SRSpsPPEa
                                    MD5:BE4CD23F158E099B11D28B0226516F32
                                    SHA1:14D5611F05CEA2A12E9D0917CA6249569FB01937
                                    SHA-256:D33DBEFB6AC55CFAF10F473A35B349D436421916F817F04325FAAC5E1AD01D5B
                                    SHA-512:8F04B6C887021E6ABA409F2BB5F85EB72A6F509F17D2A1DF914E2524CCC689DEF4E4E7D684625BE8D7994A5FBA8B1285716EA9A5FB32979B2AA7947515982F08
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):739
                                    Entropy (8bit):7.735220739235601
                                    Encrypted:false
                                    SSDEEP:12:XPSxLpWxGy18/H/7/4HUDijg67wxrJBHsoMl0x5pzoP5EJw0DSoVInLVG+pTi3rw:XQp2T1c7rSg6kZJ9s1+oP5q2Jvi7PY
                                    MD5:755DE0B6D0BD4F3462918F6689BE9489
                                    SHA1:53595B073CC37340E7553834D57468E8F216A3EF
                                    SHA-256:7BBE3EA047F6DA330638156805C9E09AB11085AC05706279B3F0A7D7212743DC
                                    SHA-512:AF9FDF8F21AA326B3D177E49F1419EDE2BE2D598185A444772346E0153504619BAE26E77039A938DFE1DA062DD80A17BBA3588EAD6219628017C2D71E14F5954
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):729
                                    Entropy (8bit):7.658679103076978
                                    Encrypted:false
                                    SSDEEP:12:Xv/gfMC0TkAkw13l57BWkUjoc2H7vWQaD2/YMkDi8fT4ofq+M/fVJtg:XngfMVXVPWkUjmCQ+2/YlDPfTTMVg
                                    MD5:1C3AE146CE729202D7DE6C447263D8E6
                                    SHA1:B9125383BE7C370BEEABAE22AF0E3C84603DF93C
                                    SHA-256:B48908D4172C3429889B3F7DFD5FA34A7A73B9381746372038B89A742E395A31
                                    SHA-512:2787A7D4E88800DD8ECF9A00F9312100B7BD62C11D87D9A1F858E830A5A8855215B91D4C747CD9CB2238A08D268A8DF2A3EFC96CB6C86B9CFF516AED13E60F72
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):728
                                    Entropy (8bit):7.716818288165668
                                    Encrypted:false
                                    SSDEEP:12:X8GDCq5BFQuiJIlz5bXfPVM8wO5vRRYRnsR0IpCxzbSj5UG22su8MMIC//:X8GDJBFRlz5Tr13Q6gv2v29VMZCX
                                    MD5:AC00B4DC7801D6FEB4EA22A63842E7BE
                                    SHA1:FFB69E6B8E86C3BFBC83DE2051629CCC3C1E1367
                                    SHA-256:AEF573C9EEFB4EC4053318B8001BCE827B26443D23051401916D9DDCC03D2F1B
                                    SHA-512:8BCFB2E828BBDD9F53AB6B1FFFD337D0EF30D33C48090630DF3211141AAB07C0F69987097888D31B77AD08B8194098C641E0F1AC927E052BC4F4447D077EE2F5
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):751
                                    Entropy (8bit):7.677666026183545
                                    Encrypted:false
                                    SSDEEP:12:XjtY13gWN/TgPz2kkPbxuMkiaBdxW9Hhp+NH+4vmQzlVapZhvX8u0/MDsDKBnsEp:XjtYh5N/THkkP9DkDBrWfp6H9v7ipZ91
                                    MD5:F0A0BFC5DBC876BD706A02FDE1E97CB2
                                    SHA1:97ADB7C93F19C3131FF4AC3734D386E72E20AB9F
                                    SHA-256:769212AE17986EDB27704D9F1173E5546C6DC72442717A30FE7614D4AF1EA698
                                    SHA-512:109B921510F9E782C646E23A2EB5D1ECD6BE233977B645CEE38AC7A06DE4C04C6A904120892095C5AB1D6F05ED4706C9C05145E3ABBED6409371AF7C40AB5EA5
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1418
                                    Category:dropped
                                    Size (bytes):746
                                    Entropy (8bit):7.681851004958819
                                    Encrypted:false
                                    SSDEEP:12:Xv9Lg0qpoBJuxvVon+7CjJFfz5aImHBIOhQMOXNp52sgHvQYfKlWvQTEtf8PLjXW:X1cViwxvVg+GjLb5aImHBpZ0osYyl7EZ
                                    MD5:47A800B393848B2EA2CF176D93E0CF78
                                    SHA1:C9FC7D9FF10746D5256705CD1B5C3DBD40682494
                                    SHA-256:2CC55BBC64F92CB646F82059AEFB1D4C408EE257694CE1598EAF71A38C31119F
                                    SHA-512:7312823FBA2C572C433A8CC3DC0F78B2AA8EEDA019DD6BBA3AB6935330A3556B35C77136D44A0071525925B8CF8E78EB8BF1338BBBE48D7236D2FF3D873CEA36
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1712
                                    Category:dropped
                                    Size (bytes):667
                                    Entropy (8bit):7.709551214947367
                                    Encrypted:false
                                    SSDEEP:12:XRzXyeZsG7VrRmJTqMHUNnRKqlrgmZBa++LPbLNNazDqkq+a6O+6U:XtXlF7JMF/HAnRKFmZBaFlQzZw+6U
                                    MD5:97914A3D1AA4EAB552FB4FB05EB53C04
                                    SHA1:12F814529FCED4146D7B481C391D6DE2FA369591
                                    SHA-256:D241D0D4DF03B66460DB1E9DA5748ACB526B3BD79D255ED4EF9FDFB41A120465
                                    SHA-512:2FFEF1305634D47C36656BFA439D3E677071BF274FD31E4475FB12151F698594B64653EB6991CA78C9E86AD7BCEA1226094374BF73D476856E24A9F1B05983FE
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):811008
                                    Entropy (8bit):7.979699939129058
                                    Encrypted:false
                                    SSDEEP:6144:epU+qGWmFyLhNfARzBRBI9PrNHdF3ZIWO1rrZpT90Whd6M5LMYGN5RBxbG3GPx98:+U+omFyLVhdlpy
                                    MD5:9A3A30CB997D1C2946062155C53E4427
                                    SHA1:D99B2CA9FD1EFEFBE94B3D6C7179D1794BBA7661
                                    SHA-256:ABF5C916FF8E9D60E0CF6989ED69248E46EA2C13C8130E97BA6DB517E11FE617
                                    SHA-512:3B3374F1D744508B1CF3427CD5ADA81D466271548EEFE1F7DA6CD42D418ED1D83B3D0C0491A5D89A553CF61151516ACF55CFC0E916B74FE3D95EF208BC6C8B9F
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):4468736
                                    Entropy (8bit):7.992174434520115
                                    Encrypted:true
                                    SSDEEP:98304:rdm4/kfyDKPSTE8EGr9wJH2DUw4vF4/8xr1gpu/AzzosJegK7++DQ1+8S71LEdjB:rdm4/kfyDKPST7Gw4vF4/8xEu/Azzosp
                                    MD5:31BFF4948BC7C46832E08C82168AF6EE
                                    SHA1:936A97FEDDA532A4D7A9CA8532886132CED98361
                                    SHA-256:E855BAD5AA1DFFD6EDE8CE82E83E663F83B2B76837AD2D697546667194291494
                                    SHA-512:8D76BAD552431F9604DE12836EF94A5A70FC98DD60B88934D40C39133AA7828C2C14D1FA7CB750C8967B7BB5E7ABF0280A34C887DB0AE2C85612F32E73A70080
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):4468736
                                    Entropy (8bit):7.9915112744392145
                                    Encrypted:true
                                    SSDEEP:49152:m+vGsStRO7TZ9TihiCO8BDiUk/woTg3cw5Ao1AQfSUMrJC:m6GP3SQ
                                    MD5:240937E5CCE933697583531AA908444B
                                    SHA1:9D959A52F3B1602ADD728CED4FCDFCED2424FE6D
                                    SHA-256:5319A471957EE5D2AF6AA1F6B6399B7EC84D0F0D7C8DC35FD470DE23CEA6E459
                                    SHA-512:F06452B20A31F234096713628FA66977633ECA9FB260AA24511DC58AE345A01629671BC0F60E2497140D7CB5AB246756ABF8A2498954EB138636ED4A2FB1B5A4
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):4468736
                                    Entropy (8bit):7.992176418069939
                                    Encrypted:true
                                    SSDEEP:98304:GuDsbsvbEfXa/Okafl9H7Qn3eWNvYBhpZM3K/8P7A0ondP8ws75us9GPXXQRbw4Z:GuDsbsvbEfXa/+cuWNvYBhQK/8P7A0o+
                                    MD5:25DFD940DC65AA25ABC9B3D7C9E56CD6
                                    SHA1:4CF5B48A2383830A843E23F20C431A2E5FCA6063
                                    SHA-256:85FD30B1A199585D461180595F1648C684621230425248EDEF23E7B32FB460A1
                                    SHA-512:8B69E639D649D1E79CA12323F0C0CBF762C94121488921DA388C4D9D50A2BFC2C6CEDE8AA571C34995A26FFCB95EF3A8BD59D456BA2786AB204A1955233C1BA0
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):4468736
                                    Entropy (8bit):7.9918444451353965
                                    Encrypted:true
                                    SSDEEP:98304:qkJKnAl2TuU1lFiG1LQmUyLXycqDEjeHJ//9L7LC/gOQmkfVF:qkJKnAl2TuU1lFiGZ1I/E/gTVF
                                    MD5:9CC5A574CCD805CEF67AC5E37A39E8F0
                                    SHA1:D25662C6D2FDDCFF8688942A94800A6FC2F0FCE9
                                    SHA-256:8ADFDCC21BD8044B389663CCEE2976365E1E19049BA0B36F1E24965EAF4743C8
                                    SHA-512:347A885750944D14269B96B5D0522D9BD8E687D56EE1DE552280E2B1ED1D90ACFD33181F79E48B2060D7AB45A4A61E7B41787784E488285E4B081B64572047BF
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):811008
                                    Entropy (8bit):7.979699939129058
                                    Encrypted:false
                                    SSDEEP:6144:epU+qGWmFyLhNfARzBRBI9PrNHdF3ZIWO1rrZpT90Whd6M5LMYGN5RBxbG3GPx98:+U+omFyLVhdlpy
                                    MD5:9A3A30CB997D1C2946062155C53E4427
                                    SHA1:D99B2CA9FD1EFEFBE94B3D6C7179D1794BBA7661
                                    SHA-256:ABF5C916FF8E9D60E0CF6989ED69248E46EA2C13C8130E97BA6DB517E11FE617
                                    SHA-512:3B3374F1D744508B1CF3427CD5ADA81D466271548EEFE1F7DA6CD42D418ED1D83B3D0C0491A5D89A553CF61151516ACF55CFC0E916B74FE3D95EF208BC6C8B9F
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):8192
                                    Entropy (8bit):7.96218439648415
                                    Encrypted:false
                                    SSDEEP:192:vKkHKGGAHa3ZaRdAdIlKkHKGGAHaooFC2j1gYf:9HKQHa36aCHKQHaoozga
                                    MD5:7AC9C8EDC0B02481CFB7FEE5F6488CCE
                                    SHA1:1661E681895707EF0951E9854B35896522FA4A6F
                                    SHA-256:FFFE79D589C90DEB4677A0926F0A2DFACC68417638F12C76C88FA80107F34CDA
                                    SHA-512:02DC4265E7CB065F33A51B5F0D7333E15117B3D551A9DD3FB3B35C847836A1A3F4DFA59240F92BC5719A104A68AD1215C68832584A4AF6DEACEF62FCE49FB344
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 54288840
                                    Category:dropped
                                    Size (bytes):2095999
                                    Entropy (8bit):7.896945732072271
                                    Encrypted:false
                                    SSDEEP:49152:GMK/5RpphE/E5jhIFnxKcyn7pGxeS9bb2T8JD99v7JKv69S:qE/Ethan8zMvdZFKSg
                                    MD5:7EC3015447DFA944F9DFFFA82D7B9FF6
                                    SHA1:5DCFD3A4E9473476621FB6C938299A5FD7140E23
                                    SHA-256:B9154C3BFA3DB9C4F4D5F5BCF076624193EAAADE636E26FFA1A382BD2CBF414C
                                    SHA-512:7AD012AB5C869126E72E9C8801CB49973F5D6A00540A1080E2A94EA5F27835EE0E0BCEDF27AA6D33E787DA1E8F11AF9D275E8120BBB0DF4FF4F8F9308A94A6F2
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 20371024
                                    Category:dropped
                                    Size (bytes):4702023
                                    Entropy (8bit):7.995430595026383
                                    Encrypted:true
                                    SSDEEP:98304:zdjpa7bFTcIM7bAo/SB0A/d/QUe53SOQaEFaqk1aFvg6z:9paV4IM7EYAYiOMFTR5hz
                                    MD5:B747337D3F5140ABC7445B8F66CC7CBD
                                    SHA1:F6B8363A2149D1743CC68808EC2B7B3C28FDDB32
                                    SHA-256:2E3030A602C68F8F852F25DA58825F689D00B6F2716EA419D9878065FBB5E229
                                    SHA-512:A28A83F95ED8D3EC9423735C661DA3637759BE29FBC68FA426CE315594EFE95FCBF6B33E1677DF7EEE8798AAA7CB8C1D85DA2C76A35D22C644B5903352091A50
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 8261
                                    Category:dropped
                                    Size (bytes):1130
                                    Entropy (8bit):7.796580847003739
                                    Encrypted:false
                                    SSDEEP:24:XR+If60YjEL4CFxJehyEyJWR6wB/oZiMEfw5XGl0r:XR+H9gxME3WEXBr
                                    MD5:087833B3161BE938E9AEA42F61C0DC94
                                    SHA1:30C44EE4F2E81761BF7C70AD9354B410788708DB
                                    SHA-256:4D9F2ADBB23661747671FE7E1E34EC8D991469B6F8F0B9C25FD32EBDF8AB3C55
                                    SHA-512:5C8722FA965E105A6B9B13E72FB082DE860E610CC0B264496B7BDC21308A71695ACEE8BDA66CDD37EBA78974B7B5EAD23106485C3BBCA0ED868657BBDE2BF6CD
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:MS Windows icon resource - 17 icons, 64x64, 16 colors, 4 bits/pixel, 48x48, 16 colors, 4 bits/pixel
                                    Category:dropped
                                    Size (bytes):186497
                                    Entropy (8bit):7.251643732514519
                                    Encrypted:false
                                    SSDEEP:3072:2pdCtsE9jHCMXwbRubyV/qCnvBB7pCZwTILB65Cy3Mbd1mTDosub:MdCtsE9jHCMCgbY/FvBB7EwY6t+0ojb
                                    MD5:88C7872F9F3F64239A210CA24A46B367
                                    SHA1:B6956D6AE2ED949D83AA284DF68DDBB6DD91778D
                                    SHA-256:BE1E93212D15EEDF375A5BF34FCF72C825D602E6508F99B782BC80A94F48854C
                                    SHA-512:2341876FDEE82978A8346D9F460C7F62209EA7E12D24B3F14ABEBF5A9B320DD918C0618C6332770B2D01144456B61F8ABDB357A81116B636CA628AA7552247E4
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 600x600, components 3
                                    Category:dropped
                                    Size (bytes):26624
                                    Entropy (8bit):7.932237172549956
                                    Encrypted:false
                                    SSDEEP:384:frbUtELVjYjmLcRj8IPnSRxoVg5pMN3yj22xQw6hItat9T5o9t0hcAgDiPQAc6kQ:X2EL662FsksyFitatpiCpYerKw6Vq
                                    MD5:E64D60F3E41A8AD21E9350901B777715
                                    SHA1:A93F43EFFE6274552DE78E7BDE0B825515297603
                                    SHA-256:7EDDB3432CDF9F4EAFD9CA0DB98F5A71FAB0E8762DF9388AB6370EFBAE701261
                                    SHA-512:DE48A5D818C1ED7DF7779646C40F0E6BCE12FB0BB73CB3250BB17E677252FF20EB00D1BD58028957B9E83C19D6FEAC8888A99865FFF20F39554A084E9D4274D7
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:MS Windows icon resource - 15 icons, 256x256, 16 colors with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 4 bits/pixel, 48x48, 16 colors, 4 bits/pixel
                                    Category:dropped
                                    Size (bytes):60485
                                    Entropy (8bit):6.980693972285136
                                    Encrypted:false
                                    SSDEEP:768:O8ehHpdD3mQHv5Uj0hwNwOD7QusXa0jGiUJ08yTsNxdsNxPRskIM3:Zepp4GvYasGK0qo8esvdsvPRskb3
                                    MD5:C93625FFFA4EDFCB8FFAB613509E784D
                                    SHA1:B22C063834DAA6B3DF8000F680164A12BDFB709B
                                    SHA-256:BEEF7A82F8C9DCBEBFA683A6FB25A4E499FAC01AAFF43E80DABB56AED0DEB949
                                    SHA-512:8CA4593C673D836057AE60A448DCA07D261898E6FD731FEB6437B021C9DC38EA55C3E0FEAF39743937BE046A269B86A0AE5DA5DE32C6BBD1AF9F3831CC380D8E
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):192000
                                    Entropy (8bit):6.153290072885009
                                    Encrypted:false
                                    SSDEEP:3072:bcDieefd3nF+GhIVE+mvJOUc6XM42SuYA6qIGqskUi2m7FktfLJ19D:mq9nF+GmVBmQUt2Su2jGqskF
                                    MD5:6122F53B28D172D5711B79427D89B409
                                    SHA1:6BDE48731F89B3BBBDE7614898638A4F33121114
                                    SHA-256:676E00E8F81B6C25E122277D55A56D28924A4CC304F160AD1DFB803E8D2EA594
                                    SHA-512:A9E6D2BD3B62A7B37F7A0AA241F057E8266ED836B3DF92AB4DC9D7AE7A9E928BD468D7D8E88E7BA1CA04CA443A0A552CA6419CEA69CC3F9B3F2C7E7F7899A4B9
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):186880
                                    Entropy (8bit):5.791245966136652
                                    Encrypted:false
                                    SSDEEP:1536:CyUY5ArG1uD4nl6KP8c33LEAvD0UZWZ+M8rAaDOmzxOkMabge9lh0Ep:Cq5AOR6KP8cHLE49scOhNaZ9T3p
                                    MD5:434410AA1B5CAFB438433C786E46D910
                                    SHA1:49F9EEEF6A52093FE8D75260A38A6CAEDBB437F0
                                    SHA-256:F760D2C31907B17A3A7937ECDDD019707CD32B112FF22B5FEC9A8CE9D71E0637
                                    SHA-512:D73EED6C1F25895DC7166D64F6E657319F5D2AA3B942B1A4AA2FA821EE58FC8C1A7D4DD6BC983226C359700E85758E9E597EA64EECF4E612D89CDD9398DDC1CB
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):186880
                                    Entropy (8bit):5.788346512389375
                                    Encrypted:false
                                    SSDEEP:1536:/yUY5ArG17z6KP8c+wcIaQAaDOWzxOk9abge9lh0EQ:/q5AO/6KP8c1fa5cOxMaZ9T3Q
                                    MD5:465A6A431A6BB55EB81631E7C87A2B07
                                    SHA1:1A58176BB6942C120288F5BE706AAE7F0303B562
                                    SHA-256:C6B90E139871B3A2CC3F75B17B8DEB4D09B764BCB37499C48F3193F65AE54C7B
                                    SHA-512:4A679177B1678A1EEC6B6844F022F39001C759A08A4A86DD067EF8E326922B2B22545DA5BDC18E55A8867E1E012863A24A90C4144B9D3D6AB8BB9046A57A5C3A
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):363520
                                    Entropy (8bit):6.012891344079906
                                    Encrypted:false
                                    SSDEEP:6144:ohyPltgBtbhGtJnUu5ICkU32S4TbFNFaFeFOFwcGF6cmFWc0FWc8cIcKcUFJFpc7:hEWoFNFaFeFOFwcGF6cmFWc0FWc8cIc4
                                    MD5:F6F175232A65443E59DE88CE0305B1D1
                                    SHA1:056ABF534AD279007ED7079C129F9CD4162B8B14
                                    SHA-256:51F53CE8158FD20501D96FE5EF11C2D32B6E2354264CEEB2F151C353BB3FFB88
                                    SHA-512:18EDEC6356A2E5455127B1A1C597D76D6C21FF0904A05C3309019F91E3C3D0109E49339E69DFC669B5ECFFD5350FC30D3154CEA6D9AD3538C1B718676C592D30
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):125384
                                    Entropy (8bit):6.142920508554961
                                    Encrypted:false
                                    SSDEEP:3072:9XOCqdVs55ZN9R8PGRLI2O/dVDAd36CRSyfyh3:5qdVs55ZN9RxRLJ+yK3
                                    MD5:A1BE1EE19EC9DFB15CCE66B68AD92128
                                    SHA1:32026CED4DD145621CB1494386B087372815B6E3
                                    SHA-256:12C98428037BE45F344EB95DC8DBC9EC32C87F5AA075F5FE864B79C2FA6C204F
                                    SHA-512:C76C5261F6F1109635954E97AE191039F3C7FEEC68754E05CCF5001E3F8495710A14F7C2CF11D2AB4EF363E39C218DD629D056DAF5B5AB56029ACF5065C66E12
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):138936
                                    Entropy (8bit):6.06794646954052
                                    Encrypted:false
                                    SSDEEP:3072:/0xz3hn60Zo7iEpxqP54kazI4dbpU2xQusA:/UEpIKp6usA
                                    MD5:EEB523D48E726F2FB738CFCA5C57B4E1
                                    SHA1:10599AA76D6E295752A6F407E865833178466905
                                    SHA-256:A2EDE18BAAFDD0464F0CAFEE337024BECCE7C81521C3CEF6607A3A167CAE669B
                                    SHA-512:7B7570E13F7CB663C35B5553ED15F12682CC8614B5F619C76B3C6E454D67D34056C7D9027C5250BAFB1B60112EB488403178135B18BDC5D9F4FD0BE1D1CC02F8
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):6159872
                                    Entropy (8bit):6.3766758509415515
                                    Encrypted:false
                                    SSDEEP:98304:wrB8EYyw9qftizsIY7wQa+lK31iIp1k9Zv6:wrB8EYYMU7wQa+lK4Iv2Zv6
                                    MD5:92980EB5DE83A047A1B73AFD6C7AFD24
                                    SHA1:8A9AF6CEE869B6598205FDEEF31E4120F0E0B8E0
                                    SHA-256:75B6A22D1F1D90F3C1AEC0283B31B8F7BB37EEE3097E373C7E495DFFF2672432
                                    SHA-512:70456F82BD5AAB0F141090C7F326086C9CCB1272ED467427D34887A0D412F4DEA20BFD5015EB90ECF2010C32DE2824F5912E6B57743C0AE06F2E835EFBEA9E98
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\AGL\Structured Settlements\TallComponents.PDF.Controls.WinForms.dll, Author: Joe Security
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has command line arguments, Archive, ctime=Sat Dec 7 08:10:02 2019, mtime=Fri Apr 19 13:03:44 2024, atime=Sat Dec 7 08:10:02 2019, length=59904, window=hide
                                    Category:dropped
                                    Size (bytes):933
                                    Entropy (8bit):4.6706760912903205
                                    Encrypted:false
                                    SSDEEP:24:8CArJvKHbBAgYwB+s3DPVIYlHRc6wbCyfm:8CKNsbSg13DPVIYlO6s
                                    MD5:2B374A6EC61D118465EB034B24A208CD
                                    SHA1:0988930D11127BA376BDA65CC83981BD1C543830
                                    SHA-256:1C5ECA4DC0D48B27C68FAF5D10A842EB97989C14DA560DF75570F2D25608326D
                                    SHA-512:4707FD1D5B5D66036220450D2E2C33932B0676806BEBC84C7EC3D2064608CE76115DF9BD946FE4EAB0170E91654D5B8C561F9BA6EA571142C2B72A5FC2C1C335
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):77312
                                    Entropy (8bit):5.8123476781363985
                                    Encrypted:false
                                    SSDEEP:768:YZtQAGic6AwFRBuUdxJJfBur9DTvnJQKqvR1Q3Z0/wHf66666ekL7PpmCNbYjkJJ:ticCxjd49DTfJZ3RHqV3NbSDovKT8
                                    MD5:68A9B0F3B86884A660ACE7D613190900
                                    SHA1:B648B33A985BABAA9824865050D4A041B6F2404E
                                    SHA-256:F235BD89BD63408DFCF07EADAFA6AAA65894F9C264AD4DE6524DBAF534CC7694
                                    SHA-512:75F493FF8A64F5F96B54111FC6B1C4E3B40A54F679C89D4BCB03BEE9983095BA3E7651E1E4A9546BCB269531DA5F520E9E0D913B85176A3B653216FC108DB350
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):74752
                                    Entropy (8bit):5.83676566097515
                                    Encrypted:false
                                    SSDEEP:1536:S/txyKbo20iHFxMbxbkLGjS0H0ZlPt5xIOR9lWlvp9AO7:MysotRZtH0bYOflWb9AO7
                                    MD5:4A8F1D7DDBFEC2ACAA8480CFDEC0CBAA
                                    SHA1:C2D5ECF93B61F6F3F6720711E87AA0521A0D5EE3
                                    SHA-256:857AEC76E2D77ED810980163A4E131DBA432598E114EB5567D921475936D349E
                                    SHA-512:E0D0F7045F4CC39CD53C3E224EE0C90CD2B78E452A0E486FE41AC950B57E67BA70409F117168F92F0626814BA6FE6FA3DEF56C00031B57FA6DA388800FF0C8F6
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):3485696
                                    Entropy (8bit):6.159816921012735
                                    Encrypted:false
                                    SSDEEP:49152:R6mfqyG5rL0Oy+tAvjAsB+7RyZD9FDkE3Pj:Rvqvt05
                                    MD5:4B1716853EA2868914F7EE82FBB39C49
                                    SHA1:CA54A4310C63C58B5916437A45A44499D58C1571
                                    SHA-256:BEB5C25EB5F659CBB2574F3EADDDA35C5B18E860558DAAC4533B4ED98E29BD55
                                    SHA-512:04F4D08D4A949F97D855239C37452A15D5D77870077DB4C1D32AD990E14DABD497E2F0E1AF7CFE183BEF13123BFCFB3C7C56B765B8949D2F7809719DFA2575C6
                                    Malicious:false
                                    Antivirus:
                                    • Antivirus: ReversingLabs, Detection: 0%
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                    Category:dropped
                                    Size (bytes):1662464
                                    Entropy (8bit):6.5058415246996075
                                    Encrypted:false
                                    SSDEEP:24576:AdY5CDBvUllp6aN06t47Qa435hDGIf+cil3P3zuXVpuEU7cIFUz4mBSi9cOyasvj:aY5/160bphDG61il/3zuVpuZ7cIyzct
                                    MD5:A956F2E80AC1D4E4DDFB464E662818F2
                                    SHA1:82915896B196486C2407AAF605A1FCED7908511D
                                    SHA-256:3D6F6678E6EF30837C4B2C90492A4F0814255547D59B836738335DA9CAB084A8
                                    SHA-512:3F6F61DE39E50FA0BE1FB3CE3C835A1C98E89D2BBC614C40C0B9E7A7D0E33DC03DD0FDAD5C673DE6D93D10DB87E9AAD5168811FCBFAFD96A5B97F8F326EE3B36
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):1343488
                                    Entropy (8bit):6.7808711663350625
                                    Encrypted:false
                                    SSDEEP:24576:IdP6QlwJ/goyutXYxB2Y+WeRRIBbXWlOcYUIRh1yN+Sm52Z4FstrB1sPID2Hcd5s:ErCJYTLQTIpyN+osP9H0ir
                                    MD5:14C3254ED4A05F508BC82A1A27A1739C
                                    SHA1:9E592DDC5D124CC22A2FB398514530B9824D8471
                                    SHA-256:DD74AA2286FF5BF08F14F1705AC1848C6B7D74E7F8013E22DAF97B242CB67FA7
                                    SHA-512:61E6116CC9B545A4036DADED6E5998661B9BE12871747BA3B6A9DB2A5FB3B901D68D95C3DD3A14128DFB559E93BA8564A727447599A88340574EDF5A5DE87698
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords: Installer,MSI,Database, Subject: Structured Settlements, Author: Corebridge Financial, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2023 29, Revision Number: {2DAE1BFB-6F68-4AD8-A074-1F290D098EE1}, Last Saved Time/Date: Fri Jan 19 10:07:06 2024, Create Time/Date: Fri Jan 19 10:07:06 2024, Last Printed: Fri Jan 19 10:07:06 2024, Code page: 1252, Template: Intel;1033
                                    Category:dropped
                                    Size (bytes):91906560
                                    Entropy (8bit):7.983243289223872
                                    Encrypted:false
                                    SSDEEP:1572864:lxd3U0gUk2abcyG+gVjx9M1a+6RjmQkeveqdZG4kxTcDByZnXWghc:lxNkTAyZgj9kag3MZdkiDqnB
                                    MD5:6805ECCF602D5B45E52278067DA2C6CD
                                    SHA1:7B625F64F5B47BA59D830E18827D6E2E26D44739
                                    SHA-256:6398B1FCFBD04D29FD9BF5301442C2A0D39971BD62EEDA42942B7DC196F2310F
                                    SHA-512:D294EEECB9A845A9E3A7C6F88A23B93D218888CF8C6B9E27ADC179DB3A67477C92785B418534CB52E4CE22BC955BB938C142F7F9078B7605B200296C9F5B4F18
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords: Installer,MSI,Database, Subject: Structured Settlements, Author: Corebridge Financial, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2023 29, Revision Number: {2DAE1BFB-6F68-4AD8-A074-1F290D098EE1}, Last Saved Time/Date: Fri Jan 19 10:07:06 2024, Create Time/Date: Fri Jan 19 10:07:06 2024, Last Printed: Fri Jan 19 10:07:06 2024, Code page: 1252, Template: Intel;1033
                                    Category:dropped
                                    Size (bytes):91906560
                                    Entropy (8bit):7.983243289223872
                                    Encrypted:false
                                    SSDEEP:1572864:lxd3U0gUk2abcyG+gVjx9M1a+6RjmQkeveqdZG4kxTcDByZnXWghc:lxNkTAyZgj9kag3MZdkiDqnB
                                    MD5:6805ECCF602D5B45E52278067DA2C6CD
                                    SHA1:7B625F64F5B47BA59D830E18827D6E2E26D44739
                                    SHA-256:6398B1FCFBD04D29FD9BF5301442C2A0D39971BD62EEDA42942B7DC196F2310F
                                    SHA-512:D294EEECB9A845A9E3A7C6F88A23B93D218888CF8C6B9E27ADC179DB3A67477C92785B418534CB52E4CE22BC955BB938C142F7F9078B7605B200296C9F5B4F18
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):2026652
                                    Entropy (8bit):6.031439625761109
                                    Encrypted:false
                                    SSDEEP:24576:jG9VmsEPAiXx79VmsEvzGZo3l9VmsEPAiXxt9VmsEPAiXxVFSo:W9MAW9+6eD9MAa9MAQ
                                    MD5:13A4EE71C8337EC49B17FE94B7A4B6B1
                                    SHA1:D79F983B163C0786BBB5CB2ECC52BC70D2A35B0F
                                    SHA-256:15ECC3353D4A8547F27E00ED6FD068AF932AD6D1ABAA9B29E3F4BCEF2E1677AB
                                    SHA-512:803C5E16301376972994759FCE2C5A80CDE093BB52F440EAAD248DA77519C42C98C8528168284CB4589EBE04A49FCACC48DD9F27DA8E4AF74CF826EB33F49793
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:Composite Document File V2 Document, Cannot read section info
                                    Category:dropped
                                    Size (bytes):20480
                                    Entropy (8bit):1.1692829762295167
                                    Encrypted:false
                                    SSDEEP:12:JSbX72FjO4iAGiLIlHVRp9h/7777777777777777777777777vDHFYfggLlJOWtr:JyQI5ZBgH2F
                                    MD5:7158CAD712786EDFA0A0F8B61DA46E49
                                    SHA1:255E7AD774F547ED76879D1E52836817B221E3F3
                                    SHA-256:94A974136D05180D7C4B0F489D148BF2E9A14434FAC4CAEDB25E6B39517D482A
                                    SHA-512:993118E4735B329BC4E22BFC81320CC294E77A21EE3B689BAF3E6A3066AEED52AF6D87C54600B8F41511FB0AFFB99F49CE2F8C14FC86C36A18FC2E35F2D605E3
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:Composite Document File V2 Document, Cannot read section info
                                    Category:dropped
                                    Size (bytes):28672
                                    Entropy (8bit):2.2438554975239176
                                    Encrypted:false
                                    SSDEEP:192:m1hzjw9KSxaE19DkdIV7QjbmDAflAtVqZXaE19DkdIV7QjbmDAfl5dpY:mrzO6Y
                                    MD5:FDE45415ED0EE9EDCFB56112A6A20D4B
                                    SHA1:A81FA0B79FE7B65E0F2B60FB4AF4AF458245ACB3
                                    SHA-256:45B4C258606F0297951A53BAA086680FD72D1FEB60CE0F65045C8E8F6306CC19
                                    SHA-512:58F87F41BCBA7E2769E893C0BEAC2D2BF9ACD8879186C71DECD3F4BF439775759512D81F0C8425CA96A5FDE92EC8A4B97C96028BB8A24BF739360E76403C41C4
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):477184
                                    Entropy (8bit):5.534755755479418
                                    Encrypted:false
                                    SSDEEP:6144:fbhDy1Lfy8PXjbNFnWRtaCdJZaJPdVv+o3iGE1uD9DeFbzA54s8xRXO:NDy1m8PXjbPnQEVmsE1uD9aAiXxRXO
                                    MD5:C01D21F1FC48964ABB7F94011FFD2E40
                                    SHA1:5E5D18662AB36C16F79F75ABB2F10A634CA5B471
                                    SHA-256:146C9DE3A0F75E5B35B806F1230239F8B99D602E81D8C2DC63B9D455444D026E
                                    SHA-512:404F7DB0AB609FE93B9B529F5B08751661546F68C026809756D43329E08AF3C842D29C35C9DF3105D69C4949418F284F8A3D15B96FF096179042C343DB5B81A0
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):477184
                                    Entropy (8bit):5.534755755479418
                                    Encrypted:false
                                    SSDEEP:6144:fbhDy1Lfy8PXjbNFnWRtaCdJZaJPdVv+o3iGE1uD9DeFbzA54s8xRXO:NDy1m8PXjbPnQEVmsE1uD9aAiXxRXO
                                    MD5:C01D21F1FC48964ABB7F94011FFD2E40
                                    SHA1:5E5D18662AB36C16F79F75ABB2F10A634CA5B471
                                    SHA-256:146C9DE3A0F75E5B35B806F1230239F8B99D602E81D8C2DC63B9D455444D026E
                                    SHA-512:404F7DB0AB609FE93B9B529F5B08751661546F68C026809756D43329E08AF3C842D29C35C9DF3105D69C4949418F284F8A3D15B96FF096179042C343DB5B81A0
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):477184
                                    Entropy (8bit):5.534755755479418
                                    Encrypted:false
                                    SSDEEP:6144:fbhDy1Lfy8PXjbNFnWRtaCdJZaJPdVv+o3iGE1uD9DeFbzA54s8xRXO:NDy1m8PXjbPnQEVmsE1uD9aAiXxRXO
                                    MD5:C01D21F1FC48964ABB7F94011FFD2E40
                                    SHA1:5E5D18662AB36C16F79F75ABB2F10A634CA5B471
                                    SHA-256:146C9DE3A0F75E5B35B806F1230239F8B99D602E81D8C2DC63B9D455444D026E
                                    SHA-512:404F7DB0AB609FE93B9B529F5B08751661546F68C026809756D43329E08AF3C842D29C35C9DF3105D69C4949418F284F8A3D15B96FF096179042C343DB5B81A0
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):489472
                                    Entropy (8bit):7.029363885888886
                                    Encrypted:false
                                    SSDEEP:12288:ZDy1m8PXjbPnQEVmsE1uD9CtzPMFvIWY6o0o5O:u9VmsEvzGZo3
                                    MD5:8262A773F613166CE0594071F874B10E
                                    SHA1:885A673064E7C56E7FDDD33F62FC7CC31CA81B98
                                    SHA-256:65B3AFC75E80C6157F01EA6F284222715B46FB481D2031939906EE6F2152547E
                                    SHA-512:EC77812E10F6F55FD03E979A93C9F69533FD0A8887D37A96EAC3B8CC4F53807E1F8822DA9EC74D4234130998D2CD287D9AE8115BFC9E136F2809E1CCEE245B9B
                                    Malicious:false
                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'.QF..QF..QF....].[F...._.+F....^.IF...:..tF...:..@F...:..EF....g.RF..QF...F...:..SF...:S.PF..QF;.PF...:..PF..RichQF..........PE..L...g..d..............."..........................@.................................!.....@..................................e..(...............................,"...U..T...........................@T..@...............T............................text...F........................... ..`.rdata..............................@..@.data...H....p.......b..............@....rsrc................l..............@..@.reloc..,".......$...T..............@..B........................................................................................................................................................................................................................................................................................................
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):432221
                                    Entropy (8bit):5.375168444162905
                                    Encrypted:false
                                    SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauM:zTtbmkExhMJCIpErZ
                                    MD5:18F9B7E33F3B130F69703809D09FB43E
                                    SHA1:9DAC4F4665E459A5333F25ACF33A615809A728C1
                                    SHA-256:9DFC90EF4F84EE0DFCA95D5C74804B03DE5188C0150C05EB5A4A94BA2E24A722
                                    SHA-512:92EEA2FD4E7CF97757D26BE98D2C16E8CBC6FA24143D24927A103119BF4CAB53C9FBBC783144E1DD27EB0C28E35639EA0D32CE52AE1A043A0E250F2AD9472D48
                                    Malicious:false
                                    Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:Composite Document File V2 Document, Cannot read section info
                                    Category:dropped
                                    Size (bytes):49152
                                    Entropy (8bit):1.5864914034446365
                                    Encrypted:false
                                    SSDEEP:192:BvS9fsgjw9KSxaE19DkdIV7QjbmDAflAtVqZXaE19DkdIV7QjbmDAfl5dpY:BveUgO6Y
                                    MD5:63C9EF19BB0C8D3DA7C283DDAD3BC95C
                                    SHA1:773EFCC1E1E815F3134EC960210812225EBDB816
                                    SHA-256:9282FF3E70C558A1C6FE8D6FF111A6C867AD1EFC98088AA6ED7F23B0033A9380
                                    SHA-512:607D2A61BD9228BE22EA5E1000BF66ACD2CB3D22228EA879EF907DDE9E28A7BF5C2FDCF938B3E9AD961B34CA006E2457EB6BBFF310BDDEB674233EB772D58311
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):512
                                    Entropy (8bit):0.0
                                    Encrypted:false
                                    SSDEEP:3::
                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:Composite Document File V2 Document, Cannot read section info
                                    Category:dropped
                                    Size (bytes):49152
                                    Entropy (8bit):1.5864914034446365
                                    Encrypted:false
                                    SSDEEP:192:BvS9fsgjw9KSxaE19DkdIV7QjbmDAflAtVqZXaE19DkdIV7QjbmDAfl5dpY:BveUgO6Y
                                    MD5:63C9EF19BB0C8D3DA7C283DDAD3BC95C
                                    SHA1:773EFCC1E1E815F3134EC960210812225EBDB816
                                    SHA-256:9282FF3E70C558A1C6FE8D6FF111A6C867AD1EFC98088AA6ED7F23B0033A9380
                                    SHA-512:607D2A61BD9228BE22EA5E1000BF66ACD2CB3D22228EA879EF907DDE9E28A7BF5C2FDCF938B3E9AD961B34CA006E2457EB6BBFF310BDDEB674233EB772D58311
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:Composite Document File V2 Document, Cannot read section info
                                    Category:dropped
                                    Size (bytes):28672
                                    Entropy (8bit):2.2438554975239176
                                    Encrypted:false
                                    SSDEEP:192:m1hzjw9KSxaE19DkdIV7QjbmDAflAtVqZXaE19DkdIV7QjbmDAfl5dpY:mrzO6Y
                                    MD5:FDE45415ED0EE9EDCFB56112A6A20D4B
                                    SHA1:A81FA0B79FE7B65E0F2B60FB4AF4AF458245ACB3
                                    SHA-256:45B4C258606F0297951A53BAA086680FD72D1FEB60CE0F65045C8E8F6306CC19
                                    SHA-512:58F87F41BCBA7E2769E893C0BEAC2D2BF9ACD8879186C71DECD3F4BF439775759512D81F0C8425CA96A5FDE92EC8A4B97C96028BB8A24BF739360E76403C41C4
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):73728
                                    Entropy (8bit):0.5890341504728168
                                    Encrypted:false
                                    SSDEEP:192:8kDqZXaE19DkdIV7QjbmDAfl5dwSxaE19DkdIV7QjbmDAflAtRBwP:GYDO
                                    MD5:30B4873CF61F70562339C055EC637508
                                    SHA1:7FA9D790EA881D9E09FF232C6259981A3D68F147
                                    SHA-256:02AAA4563C25C97915A771220C77EE6DDC86D749DED787F0594A133F1FF33114
                                    SHA-512:266B391012C1FE98199EFC5252033503CECA2313D770DF9135C325CD37EA5EB15362594CFD7E3748B630A5E0876E0248B4888AF86CAEE4CC980A6220FCE0BA52
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:Composite Document File V2 Document, Cannot read section info
                                    Category:dropped
                                    Size (bytes):28672
                                    Entropy (8bit):2.2438554975239176
                                    Encrypted:false
                                    SSDEEP:192:m1hzjw9KSxaE19DkdIV7QjbmDAflAtVqZXaE19DkdIV7QjbmDAfl5dpY:mrzO6Y
                                    MD5:FDE45415ED0EE9EDCFB56112A6A20D4B
                                    SHA1:A81FA0B79FE7B65E0F2B60FB4AF4AF458245ACB3
                                    SHA-256:45B4C258606F0297951A53BAA086680FD72D1FEB60CE0F65045C8E8F6306CC19
                                    SHA-512:58F87F41BCBA7E2769E893C0BEAC2D2BF9ACD8879186C71DECD3F4BF439775759512D81F0C8425CA96A5FDE92EC8A4B97C96028BB8A24BF739360E76403C41C4
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):512
                                    Entropy (8bit):0.0
                                    Encrypted:false
                                    SSDEEP:3::
                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):32768
                                    Entropy (8bit):0.07626004967499114
                                    Encrypted:false
                                    SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOz0fgg2q5PJHkQVky6lWt/:2F0i8n0itFzDHFYfggLlJOWt/
                                    MD5:29D7B8EF6DACF3504B06BD7405ECFCC7
                                    SHA1:487EA07864103FAC9FAF42E77756C734C8A25CA0
                                    SHA-256:3D99DD885F1A44E6342CA93BB5537FEDC277A07E642E93525A801D5E2BBB35DE
                                    SHA-512:73BF5D9E76D8886442895FECBFA70D8F6E2EFB98A7E4327AFDC19D2D64C834BD36BD2264B0A7C5C8F78B0D07BEA9FC6C705670018C5FEECEFA6A7B2E681823CF
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):512
                                    Entropy (8bit):0.0
                                    Encrypted:false
                                    SSDEEP:3::
                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):512
                                    Entropy (8bit):0.0
                                    Encrypted:false
                                    SSDEEP:3::
                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):512
                                    Entropy (8bit):0.0
                                    Encrypted:false
                                    SSDEEP:3::
                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                    Malicious:false
                                    Process:C:\Windows\System32\msiexec.exe
                                    File Type:Composite Document File V2 Document, Cannot read section info
                                    Category:dropped
                                    Size (bytes):49152
                                    Entropy (8bit):1.5864914034446365
                                    Encrypted:false
                                    SSDEEP:192:BvS9fsgjw9KSxaE19DkdIV7QjbmDAflAtVqZXaE19DkdIV7QjbmDAfl5dpY:BveUgO6Y
                                    MD5:63C9EF19BB0C8D3DA7C283DDAD3BC95C
                                    SHA1:773EFCC1E1E815F3134EC960210812225EBDB816
                                    SHA-256:9282FF3E70C558A1C6FE8D6FF111A6C867AD1EFC98088AA6ED7F23B0033A9380
                                    SHA-512:607D2A61BD9228BE22EA5E1000BF66ACD2CB3D22228EA879EF907DDE9E28A7BF5C2FDCF938B3E9AD961B34CA006E2457EB6BBFF310BDDEB674233EB772D58311
                                    Malicious:false
                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                    Entropy (8bit):7.9987189791354965
                                    TrID:
                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                    • DOS Executable Generic (2002/1) 0.02%
                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                    File name:AGLCStructuredSettlementsInstaller.exe
                                    File size:90'597'468 bytes
                                    MD5:a53cb926ff7c4af575102bc08594327f
                                    SHA1:03d6a95e1eec98cf7eaebe508166700748b153ea
                                    SHA256:f7139b8276726858e5f3e05939e012506beec45c93a062ea6469bfb76bd1958a
                                    SHA512:2efec8ba1120e4cd7d122e099c2648dd72b9be4cf00c3cb2b94022fffbfb5d068726fafa766d172f8f1f76289e48d25cf7aec398c89d0347a8275424974340e2
                                    SSDEEP:1572864:rL1lhn9IWjpZnj7YpYcAhMX0AOaQInK7dl0NLW1mF7xoVwTvUUSg9v/ELntup9MT:lv6GHj+YhIOrli1xLxSS/+tupLL6KarL
                                    TLSH:971833237985907EE12215329D6F9CA881A63C7B1B6544EB7244FE3C6EF10D17A37F0A
                                    File Content Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$..........Q............jZ9.....jZ;.J...jZ:......................................9...............9..........&.............7......._....
                                    Icon Hash:a02d4d2121109910
                                    Entrypoint:0x45a5b0
                                    Entrypoint Section:.text
                                    Digitally signed:false
                                    Imagebase:0x400000
                                    Subsystem:windows gui
                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                    Time Stamp:0x6490C0F6 [Mon Jun 19 20:56:22 2023 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:
                                    OS Version Major:5
                                    OS Version Minor:1
                                    File Version Major:5
                                    File Version Minor:1
                                    Subsystem Version Major:5
                                    Subsystem Version Minor:1
                                    Import Hash:29af196a3be056a168bdf44b5feb28a9
                                    Instruction
                                    call 00007FB9C0E88A88h
                                    jmp 00007FB9C0E8841Dh
                                    int3
                                    int3
                                    int3
                                    int3
                                    int3
                                    int3
                                    push 00472650h
                                    push dword ptr fs:[00000000h]
                                    mov eax, dword ptr [esp+10h]
                                    mov dword ptr [esp+10h], ebp
                                    lea ebp, dword ptr [esp+10h]
                                    sub esp, eax
                                    push ebx
                                    push esi
                                    push edi
                                    mov eax, dword ptr [004D9754h]
                                    xor dword ptr [ebp-04h], eax
                                    xor eax, ebp
                                    push eax
                                    mov dword ptr [ebp-18h], esp
                                    push dword ptr [ebp-08h]
                                    mov eax, dword ptr [ebp-04h]
                                    mov dword ptr [ebp-04h], FFFFFFFEh
                                    mov dword ptr [ebp-08h], eax
                                    lea eax, dword ptr [ebp-10h]
                                    mov dword ptr fs:[00000000h], eax
                                    ret
                                    int3
                                    int3
                                    int3
                                    int3
                                    int3
                                    int3
                                    int3
                                    int3
                                    int3
                                    int3
                                    int3
                                    mov ecx, dword ptr [ebp-10h]
                                    mov dword ptr fs:[00000000h], ecx
                                    pop ecx
                                    pop edi
                                    pop edi
                                    pop esi
                                    pop ebx
                                    mov esp, ebp
                                    pop ebp
                                    push ecx
                                    ret
                                    push ebp
                                    mov ebp, esp
                                    and dword ptr [004DEEB4h], 00000000h
                                    sub esp, 24h
                                    or dword ptr [004D9770h], 01h
                                    push 0000000Ah
                                    call dword ptr [004A538Ch]
                                    test eax, eax
                                    je 00007FB9C0E88752h
                                    and dword ptr [ebp-10h], 00000000h
                                    xor eax, eax
                                    push ebx
                                    push esi
                                    push edi
                                    xor ecx, ecx
                                    lea edi, dword ptr [ebp-24h]
                                    push ebx
                                    cpuid
                                    mov esi, ebx
                                    pop ebx
                                    nop
                                    mov dword ptr [edi], eax
                                    mov dword ptr [edi+04h], esi
                                    mov dword ptr [edi+08h], ecx
                                    xor ecx, ecx
                                    mov dword ptr [edi+0Ch], edx
                                    mov eax, dword ptr [ebp-24h]
                                    mov edi, dword ptr [ebp-20h]
                                    mov dword ptr [ebp-0Ch], eax
                                    xor edi, 006E6547h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd4d84 | 0x104 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe1000 | 0x50d44 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x132000 | 0xb794 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xba69c | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xba700 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xaff58 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xa5000 | 0x608 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xd4610 | 0xe0 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xa3bba | 0xa3c00 | fa093021137e147e22f86c37ac620a71 | False | 0.4995214098282443 | data | 6.518917386172881 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0xa5000 | 0x31dca | 0x31e00 | 8d9311d0e1e2db0fe939ec2586cd683b | False | 0.3676427396616541 | data | 4.6853497419712316 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xd7000 | 0x87e8 | 0x4000 | a68ce158334b72e35c879a45bfd8efa6 | False | 0.09503173828125 | data | 2.378341276370819 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didat | 0xe0000 | 0x128 | 0x200 | 57a671fe17e8e31259882f9ceb77960d | False | 0.29296875 | tar archive (old), type '\340' P\021G, mode \020G, uid @\020G, gid `\020G, seconds \022G, linkname \224E, comment: \223E | 2.5238651886077563 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xe1000 | 0x50d44 | 0x50e00 | 47e5463af1a993725c58086af21a61e4 | False | 0.33900152144513135 | data | 6.4366141080656325 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x132000 | 0xb794 | 0xb800 | 1ddb4920f49f03add102bfed9aebf9e1 | False | 0.610945991847826 | data | 6.6393049999697995 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
GIF | 0xe1dfc | 0x33a7 | GIF image data, version 89a, 350 x 624 | | | 0.9106859260379642
GIF | 0xe51a4 | 0x339f | GIF image data, version 89a, 350 x 624 | English | United States | 0.9129020052970109
PNG | 0xe8544 | 0x39ed | PNG image data, 360 x 150, 8-bit/color RGBA, non-interlaced | | | 0.9975723244992919
PNG | 0xebf34 | 0x2fc9 | PNG image data, 240 x 227, 8-bit/color RGBA, non-interlaced | | | 0.9968119022316685
RT_BITMAP | 0xeef00 | 0x14220 | Device independent bitmap graphic, 220 x 370 x 8, image size 81400 | | | 0.34390764454792394
RT_BITMAP | 0x103120 | 0x1b5c | Device independent bitmap graphic, 180 x 75 x 4, image size 6900 | | | 0.18046830382638493
RT_BITMAP | 0x104c7c | 0x38e4 | Device independent bitmap graphic, 180 x 75 x 8, image size 13500 | | | 0.26689096402087337
RT_BITMAP | 0x108560 | 0x1238 | Device independent bitmap graphic, 60 x 60 x 8, image size 3600 | | | 0.23499142367066894
RT_BITMAP | 0x109798 | 0x6588 | Device independent bitmap graphic, 161 x 152 x 8, image size 24928, resolution 3796 x 3796 px/m, 256 important colors | | | 0.3035934133579563
RT_BITMAP | 0x10fd20 | 0x11f88 | Device independent bitmap graphic, 161 x 152 x 24, image size 73568, resolution 3780 x 3780 px/m | | | 0.12790729268557766
RT_ICON | 0x121ca8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 3800 x 3800 px/m | | | 0.449468085106383
RT_ICON | 0x122110 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3800 x 3800 px/m | | | 0.29315196998123827
RT_ICON | 0x1231b8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 3800 x 3800 px/m | | | 0.2279045643153527
RT_ICON | 0x125760 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 3800 x 3800 px/m | | | 0.20111006140765234
RT_ICON | 0x129988 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | | | 0.42473118279569894
RT_DIALOG | 0x129c70 | 0x1ce | data | | | 0.48917748917748916
RT_DIALOG | 0x129e40 | 0x266 | data | | | 0.4527687296416938
RT_DIALOG | 0x12a0a8 | 0x2b0 | data | | | 0.438953488372093
RT_DIALOG | 0x12a358 | 0x54 | data | | | 0.6904761904761905
RT_DIALOG | 0x12a3ac | 0x34 | data | | | 0.8846153846153846
RT_DIALOG | 0x12a3e0 | 0xd6 | data | | | 0.6495327102803738
RT_DIALOG | 0x12a4b8 | 0x114 | data | | | 0.5036231884057971
RT_DIALOG | 0x12a5cc | 0xd6 | data | | | 0.5841121495327103
RT_DIALOG | 0x12a6a4 | 0x246 | data | | | 0.4690721649484536
RT_DIALOG | 0x12a8ec | 0x3c8 | data | | | 0.4194214876033058
RT_DIALOG | 0x12acb4 | 0x14e | data | | | 0.5359281437125748
RT_DIALOG | 0x12ae04 | 0x1e8 | data | | | 0.49385245901639346
RT_DIALOG | 0x12afec | 0x1c6 | data | | | 0.5286343612334802
RT_DIALOG | 0x12b1b4 | 0x1ee | data | | | 0.49190283400809715
RT_DIALOG | 0x12b3a4 | 0x7c | data | | | 0.7580645161290323
RT_DIALOG | 0x12b420 | 0x3bc | data | | | 0.4372384937238494
RT_DIALOG | 0x12b7dc | 0x158 | data | | | 0.5581395348837209
RT_DIALOG | 0x12b934 | 0x1da | data | | | 0.5168776371308017
RT_DIALOG | 0x12bb10 | 0x10a | data | | | 0.6015037593984962
RT_DIALOG | 0x12bc1c | 0xde | data | | | 0.6441441441441441
RT_DIALOG | 0x12bcfc | 0x1d4 | data | | | 0.5085470085470085
RT_DIALOG | 0x12bed0 | 0x1dc | data | | | 0.5210084033613446
RT_DIALOG | 0x12c0ac | 0x294 | data | | | 0.48787878787878786
RT_STRING | 0x12c340 | 0x160 | data | English | United States | 0.5340909090909091
RT_STRING | 0x12c4a0 | 0x23e | data | English | United States | 0.40418118466898956
RT_STRING | 0x12c6e0 | 0x378 | data | English | United States | 0.4222972972972973
RT_STRING | 0x12ca58 | 0x252 | data | English | United States | 0.4393939393939394
RT_STRING | 0x12ccac | 0x1f4 | data | English | United States | 0.442
RT_STRING | 0x12cea0 | 0x66a | data | English | United States | 0.3617539585870889
RT_STRING | 0x12d50c | 0x366 | data | English | United States | 0.41379310344827586
RT_STRING | 0x12d874 | 0x27e | data | English | United States | 0.4561128526645768
RT_STRING | 0x12daf4 | 0x518 | data | English | United States | 0.39800613496932513
RT_STRING | 0x12e00c | 0x7ca | data | English | United States | 0.2978936810431294
RT_STRING | 0x12e7d8 | 0x23e | data | English | United States | 0.45121951219512196
RT_STRING | 0x12ea18 | 0x3ba | data | English | United States | 0.3280922431865828
RT_STRING | 0x12edd4 | 0x12c | data | English | United States | 0.5266666666666666
RT_STRING | 0x12ef00 | 0x4a | data | English | United States | 0.6756756756756757
RT_STRING | 0x12ef4c | 0xda | data | English | United States | 0.6100917431192661
RT_STRING | 0x12f028 | 0x110 | data | English | United States | 0.5845588235294118
RT_STRING | 0x12f138 | 0x20a | data | English | United States | 0.4521072796934866
RT_STRING | 0x12f344 | 0xba | Matlab v4 mat-file (little endian) P, numeric, rows 0, columns 0 | English | United States | 0.5860215053763441
RT_STRING | 0x12f400 | 0xa8 | data | English | United States | 0.6607142857142857
RT_STRING | 0x12f4a8 | 0x12a | data | English | United States | 0.5201342281879194
RT_STRING | 0x12f5d4 | 0x422 | data | English | United States | 0.2741020793950851
RT_STRING | 0x12f9f8 | 0x5c2 | data | English | United States | 0.37720488466757124
RT_STRING | 0x12ffbc | 0x40 | data | English | United States | 0.671875
RT_STRING | 0x12fffc | 0xcaa | data | English | United States | 0.2313386798272671
RT_STRING | 0x130ca8 | 0x1b6 | data | English | United States | 0.4977168949771689
RT_STRING | 0x130e60 | 0x284 | data | English | United States | 0.43788819875776397
RT_GROUP_ICON | 0x1310e4 | 0x3e | data | | | 0.7903225806451613
RT_GROUP_ICON | 0x131124 | 0x14 | data | | | 1.25
RT_GROUP_ICON | 0x131138 | 0x14 | data | | | 1.2
RT_VERSION | 0x13114c | 0x444 | data | | | 0.423992673992674
RT_MANIFEST | 0x131590 | 0x533 | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.4650638617580766
RT_MANIFEST | 0x131ac4 | 0x280 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.553125
DLL | Import
COMCTL32.dll |
MPR.dll | WNetGetUniversalNameW
KERNEL32.dll | GetLocalTime, GetFileAttributesW, SetCurrentDirectoryW, GetCurrentDirectoryW, FileTimeToLocalFileTime, GetFileTime, GetSystemDefaultUILanguage, GlobalAlloc, GlobalFree, DecodePointer, FlushFileBuffers, VirtualQuery, IsBadReadPtr, GetDiskFreeSpaceExW, GetDriveTypeW, GetCurrentProcess, GetCurrentThread, VirtualProtect, LoadLibraryExA, GetVersion, GetModuleHandleW, GetProcAddress, GetSystemDirectoryA, LoadLibraryA, GetLastError, SetLastError, CreateFileW, GetFileSize, CloseHandle, LoadLibraryExW, MapViewOfFile, UnmapViewOfFile, lstrlenA, MultiByteToWideChar, WideCharToMultiByte, ReadFile, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, LeaveCriticalSection, EnterCriticalSection, RaiseException, MulDiv, GetSystemInfo, MoveFileW, GetPrivateProfileStringW, GetSystemTimeAsFileTime, SetFileAttributesW, FindNextFileW, FindFirstFileW, FindClose, CreateDirectoryW, CompareFileTime, VerLanguageNameW, GetUserDefaultLangID, GetSystemDefaultLangID, lstrcmpiW, WriteConsoleW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, SetStdHandle, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetCPInfo, GetOEMCP, IsValidCodePage, FindFirstFileExW, LCMapStringW, HeapReAlloc, HeapSize, GetStringTypeW, GetFileType, GetACP, GetStdHandle, lstrcmpW, IsValidLocale, GetLocaleInfoW, lstrcpyA, ExitThread, GetExitCodeProcess, WaitForSingleObject, GetCommandLineW, LoadLibraryW, FreeLibrary, CompareStringA, CompareStringW, lstrcatW, GetVersionExW, CreateEventW, QueryPerformanceFrequency, GetTempFileNameW, CopyFileW, GetTickCount, GetExitCodeThread, CreateThread, FindResourceW, GlobalUnlock, CreateFileMappingW, GlobalLock, SizeofResource, LockResource, LoadResource, lstrcpyW, SetErrorMode, GetTempPathW, ExpandEnvironmentStringsW, FormatMessageW, LocalFree, GetWindowsDirectoryW, GetSystemDirectoryW, CreateProcessW, Sleep, RemoveDirectoryW, DeleteFileW, lstrlenW, lstrcpynW, GetModuleFileNameW, GetProcessHeap, HeapFree, HeapAlloc, WriteFile, SetFilePointer, GetModuleHandleExW, ExitProcess, GetFullPathNameW, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, EncodePointer, RtlUnwind, InitializeCriticalSectionEx, FreeResource, LocalAlloc, SystemTimeToFileTime, lstrcmpA, GetTimeFormatW, GetDateFormatW, FindResourceExW, OpenProcess, GetProcessTimes, SetFileTime, InitializeSListHead, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, GetStartupInfoW, IsProcessorFeaturePresent, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, WaitForSingleObjectEx, ResetEvent, SetEvent, OutputDebugStringW, IsDebuggerPresent
USER32.dll | GetMessageW, TranslateMessage, EndDialog, DialogBoxIndirectParamW, GetDlgItem, SetWindowTextW, GetDesktopWindow, MsgWaitForMultipleObjects, DispatchMessageW, PeekMessageW, wsprintfW, PostMessageW, DefWindowProcW, ShowWindow, LoadIconW, LoadCursorW, KillTimer, SetTimer, CreateWindowExW, RegisterClassW, FillRect, SetWindowPos, CharPrevW, wvsprintfW, LoadImageW, CreateDialogParamW, MoveWindow, GetParent, GetWindowTextW, SetCursor, GetWindow, GetDlgItemTextW, SetFocus, SetForegroundWindow, SetActiveWindow, SetDlgItemTextW, FindWindowW, SubtractRect, IntersectRect, SetRect, GetWindowDC, GetSysColorBrush, GetSysColor, GetDC, GetSystemMetrics, GetDlgCtrlID, CreateDialogIndirectParamW, CharNextW, IsDialogMessageW, ExitWindowsEx, CharUpperW, wsprintfA, CallWindowProcW, DrawIcon, DrawTextW, UpdateWindow, InvalidateRect, SetPropW, GetPropW, RemovePropW, MapWindowPoints, DrawFocusRect, CopyRect, InflateRect, EnumChildWindows, GetClassNameW, MapDialogRect, RegisterClassExW, MonitorFromPoint, FindWindowExW, ScreenToClient, MessageBoxW, GetWindowRect, EnableWindow, SendDlgItemMessageW, DestroyWindow, IsWindow, SendMessageW, WaitForInputIdle, SetWindowLongW, GetWindowLongW, GetClientRect, EndPaint, BeginPaint, ReleaseDC, PostQuitMessage
GDI32.dll | CreateHalftonePalette, GetDIBColorTable, SelectPalette, RealizePalette, GetSystemPaletteEntries, CreatePalette, CreateFontW, SetTextColor, SetBkMode, GetDeviceCaps, CreateSolidBrush, GetObjectW, TranslateCharsetInfo, CreateFontIndirectW, SetStretchBltMode, StretchBlt, SelectObject, DeleteDC, CreateDIBitmap, CreateCompatibleDC, BitBlt, DeleteObject, GetStockObject, CreateCompatibleBitmap, CreateDCW, CreatePatternBrush, GetTextExtentPoint32W, RestoreDC, SaveDC, DeleteMetaFile, CreateBitmap, CreateRectRgn, PatBlt, PlayMetaFile, SelectClipRgn, SetBkColor, SetMapMode, SetMetaFileBitsEx, SetPixel, SetViewportExtEx, SetViewportOrgEx, SetWindowExtEx, SetWindowOrgEx, UnrealizeObject
ADVAPI32.dll | SetSecurityDescriptorGroup, CryptDestroyHash, CryptCreateHash, CryptDestroyKey, CryptReleaseContext, CryptAcquireContextW, RegOpenKeyW, RegOverridePredefKey, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW, GetTokenInformation, FreeSid, EqualSid, AllocateAndInitializeSid, OpenThreadToken, OpenProcessToken, SetEntriesInAclW, SetSecurityDescriptorOwner, RegQueryValueExW, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, CreateWellKnownSid, RegQueryInfoKeyW, RegEnumKeyExW, RegDeleteKeyW, RegEnumValueW, RegDeleteValueW, RegSetValueExW, RegCreateKeyExW, RegCloseKey
SHELL32.dll | ShellExecuteExW, SHBrowseForFolderW, SHGetFolderPathW, SHGetPathFromIDListW, SHGetMalloc, ShellExecuteW, CommandLineToArgvW
ole32.dll | StringFromGUID2, CoCreateGuid, CLSIDFromProgID, CoTaskMemAlloc, CreateStreamOnHGlobal, CoTaskMemRealloc, CoTaskMemFree, CoUninitialize, CoInitializeSecurity, CoInitialize, CoCreateInstance
OLEAUT32.dll | SysStringByteLen, GetErrorInfo, CreateErrorInfo, VarBstrCat, VarBstrFromDate, SysAllocStringByteLen, VarUI4FromStr, LoadTypeLib, SetErrorInfo, RegisterTypeLib, UnRegisterTypeLib, VarBstrCmp, SysAllocStringLen, SysFreeString, SysAllocString, SystemTimeToVariantTime, SysStringLen, SysReAllocStringLen
SHLWAPI.dll | PathFileExistsW
RPCRT4.dll | UuidToStringW, UuidCreate, RpcStringFreeW
gdiplus.dll | GdipGetImageWidth, GdipGetImageHeight, GdipAlloc, GdipFree, GdiplusStartup, GdipDrawImageRectI, GdipSetInterpolationMode, GdipDeleteGraphics, GdipCreateFromHDC, GdipCreateBitmapFromResource, GdipCreateBitmapFromFile, GdipCreateBitmapFromStream, GdipDisposeImage, GdipCloneImage
Language of compilation system | Country where language is spoken | Map
English | United States |
                                    No network behavior found


                                    Target ID:0
                                    Start time:16:03:35
                                    Start date:19/04/2024
                                    Path:C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe"
                                    Imagebase:0xde0000
                                    File size:90'597'468 bytes
                                    MD5 hash:A53CB926FF7C4AF575102BC08594327F
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:low
                                    Has exited:true

                                    Target ID:1
                                    Start time:16:03:37
                                    Start date:19/04/2024
                                    Path:C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe
                                    Wow64 process (32bit):true
                                    Commandline:C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}\AGLCStructuredSettlementsInstaller.exe /q"C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe" /tempdisk1folder"C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}" /IS_temp
                                    Imagebase:0x340000
                                    File size:90'597'468 bytes
                                    MD5 hash:A53CB926FF7C4AF575102BC08594327F
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:low
                                    Has exited:true

                                    Target ID:2
                                    Start time:16:03:43
                                    Start date:19/04/2024
                                    Path:C:\Windows\SysWOW64\msiexec.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Windows\system32\MSIEXEC.EXE" /i "C:\Users\user\AppData\Local\Downloaded Installations\{2DAE1BFB-6F68-4AD8-A074-1F290D098EE1}\Structured Settlements.msi" SETUPEXEDIR="C:\Users\user\Desktop" SETUPEXENAME="AGLCStructuredSettlementsInstaller.exe"
                                    Imagebase:0x240000
                                    File size:59'904 bytes
                                    MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:3
                                    Start time:16:03:43
                                    Start date:19/04/2024
                                    Path:C:\Windows\System32\msiexec.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\msiexec.exe /V
                                    Imagebase:0x7ff72a810000
                                    File size:69'632 bytes
                                    MD5 hash:E5DA170027542E25EDE42FC54C929077
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:false

                                    Target ID:8
                                    Start time:16:04:22
                                    Start date:19/04/2024
                                    Path:C:\Windows\SysWOW64\cmd.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Windows\system32\cmd.exe" /c rmdir /s /q "C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}"
                                    Imagebase:0x240000
                                    File size:236'544 bytes
                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:9
                                    Start time:16:04:22
                                    Start date:19/04/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff7699e0000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true


                                      Execution Graph

                                      Execution Coverage:3.2%
                                      Dynamic/Decrypted Code Coverage:0%
                                      Signature Coverage:7.1%
                                      Total number of Nodes:1271
                                      Total number of Limit Nodes:57
SysFreeString 60622->60623 60624 de4cfa SetLastError 60623->60624 60625 de4cf1 SysFreeString 60623->60625 60624->60511 60625->60624 60627 e37787 60626->60627 60628 e3772c 60626->60628 60630 e3978b __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 60627->60630 60628->60627 60629 e37733 lstrcpyW 60628->60629 60632 e37750 _wcsrchr 60629->60632 60631 e3697c 60630->60631 60635 e373a9 lstrlenW 60631->60635 60633 e37766 lstrcpyW lstrcpyW 60632->60633 60634 e37758 CharNextW 60632->60634 60633->60627 60634->60633 60636 e373dd lstrcpyW 60635->60636 60638 e373bf 60635->60638 60637 e373e8 60636->60637 61313 e3785d 60637->61313 60638->60636 60639 e373cb lstrcpynW 60638->60639 60639->60637 60642->60514 60643->60516 60645 e3978b __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 60644->60645 60646 e39b3e 60645->60646 60646->60646 60648 de60ae 60647->60648 60649 de60bb GetLastError SetLastError 60647->60649 60648->60649 60649->60522 60651 e0a95f __EH_prolog3 60650->60651 60705 e09f6e 60651->60705 60653 e0a971 60653->60524 60655 de817e 60654->60655 60661 de8148 _memcpy_s 60654->60661 60656 de8186 SysAllocStringLen 60655->60656 60657 de8201 60655->60657 60662 de81da _memcpy_s 60656->60662 60732 de4a40 29 API calls std::_Xinvalid_argument 60657->60732 60660 de8206 60661->60526 60663 de81ec SysFreeString 60662->60663 60664 de81f4 60662->60664 60663->60664 60664->60526 60666 e35d38 __EH_prolog3 60665->60666 60733 e36278 60666->60733 60668 e35d66 60669 e35d7f 60668->60669 60756 e35ce1 60668->60756 60671 e35da0 60669->60671 60672 e35d95 UnmapViewOfFile 60669->60672 60673 e35dc1 60671->60673 60674 e35db4 FindCloseChangeNotification 60671->60674 60672->60671 60675 e35dcf CloseHandle 60673->60675 60676 e35ddc 60673->60676 60674->60673 60675->60676 60676->60528 60678 e353ac 60677->60678 60678->60536 60678->60549 60680 e3567e __EH_prolog3_GS 60679->60680 60780 de7eb0 60680->60780 60685 e35081 79 API calls 60686 e356b1 60685->60686 60687 de4cc0 ~refcount_ptr 4 API calls 60686->60687 
60688 e356ec 60687->60688 60689 e39b34 5 API calls 60688->60689 60690 e353eb 60689->60690 60690->60540 60690->60542 60700 e35e67 __EH_prolog3_GS 60691->60700 60692 e35f2d 60693 e39b34 5 API calls 60692->60693 60695 e35f32 60693->60695 60694 e39c5c 22 API calls 60694->60700 60695->60549 60700->60692 60700->60694 60703 de4cc0 GetLastError SysFreeString SysFreeString SetLastError ~refcount_ptr 60700->60703 60704 e365ac 2 API calls 60700->60704 60868 e36596 SetFilePointer 60700->60868 60869 e35f35 60700->60869 60911 e11754 60700->60911 60915 df0809 60700->60915 60919 e35214 60700->60919 60922 e35237 GetLastError SetLastError __EH_prolog3 60700->60922 60703->60700 60704->60700 60708 e39c5c 60705->60708 60707 e09f75 60707->60653 60710 e39c61 60708->60710 60711 e39c7b 60710->60711 60713 e39c7d 60710->60713 60720 e57609 60710->60720 60728 e5f30f 7 API calls 2 library calls 60710->60728 60711->60707 60714 df3ad3 Concurrency::cancel_current_task 60713->60714 60715 e39c87 60713->60715 60719 e0a414 60714->60719 60727 e51ff8 RaiseException 60714->60727 60729 e51ff8 RaiseException 60715->60729 60718 e3aa4a 60719->60707 60726 e5fb7f _abort 60720->60726 60721 e5fbbd 60731 e56d99 20 API calls _abort 60721->60731 60723 e5fba8 RtlAllocateHeap 60724 e5fbbb 60723->60724 60723->60726 60724->60710 60726->60721 60726->60723 60730 e5f30f 7 API calls 2 library calls 60726->60730 60727->60714 60728->60710 60729->60718 60730->60726 60731->60724 60732->60660 60760 e39b52 60733->60760 60735 e36284 CreateFileW 60736 e362bb 60735->60736 60737 e362c9 CreateFileMappingW 60735->60737 60736->60737 60738 e363f2 GetLastError 60736->60738 60737->60738 60739 e362e3 GetSystemInfo MapViewOfFile 60737->60739 60750 e363af 60738->60750 60739->60738 60740 e3630f 60739->60740 60742 e36322 IsBadReadPtr 60740->60742 60740->60750 60741 e36416 60745 e36436 60741->60745 60746 e3642b CloseHandle 60741->60746 60743 e36337 60742->60743 60742->60750 60748 e3634a UnmapViewOfFile MapViewOfFile 60743->60748 60743->60750 
60744 e3640b UnmapViewOfFile 60744->60741 60747 e3644d 60745->60747 60749 e36442 CloseHandle 60745->60749 60746->60745 60747->60668 60751 e36383 60748->60751 60752 e3636c 60748->60752 60749->60747 60750->60741 60750->60744 60751->60750 60754 e36392 IsBadReadPtr 60751->60754 60752->60751 60753 e36375 UnmapViewOfFile 60752->60753 60753->60751 60754->60750 60755 e363a7 60754->60755 60755->60750 60757 e35cfc 60756->60757 60761 e35b47 60757->60761 60759 e35d15 60759->60669 60760->60735 60762 e35b53 __EH_prolog3 60761->60762 60763 e35c76 60762->60763 60764 e35b6f VirtualQuery 60762->60764 60779 dfcf48 UnmapViewOfFile 60763->60779 60775 e35de4 60764->60775 60768 e35c82 60768->60759 60769 e35de4 CompareStringA 60770 e35bba 60769->60770 60772 e35ba1 60770->60772 60773 e35de4 CompareStringA 60770->60773 60771 e35c4b 60771->60763 60772->60763 60772->60771 60774 e35c1c GetSystemInfo MapViewOfFile 60772->60774 60773->60772 60774->60763 60774->60771 60776 e35b96 60775->60776 60777 e35dfd CompareStringA 60775->60777 60776->60769 60776->60772 60777->60776 60778 e35e17 60777->60778 60778->60776 60778->60777 60779->60768 60781 de7efb 60780->60781 60782 de7f08 GetLastError SetLastError GetLastError SetLastError 60780->60782 60781->60782 60800 de8880 60782->60800 60786 e398bc 60787 de8005 SysFreeString 60786->60787 60788 de8017 SysFreeString 60787->60788 60789 de8020 SetLastError SetLastError 60787->60789 60788->60789 60790 e3978b __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 60789->60790 60791 de806c 60790->60791 60792 e35081 60791->60792 60793 e3508d __EH_prolog3_GS 60792->60793 60846 de7530 60793->60846 60795 e350a2 60796 de4cc0 ~refcount_ptr 4 API calls 60795->60796 60797 e350c6 60796->60797 60798 e39b34 5 API calls 60797->60798 60799 e350cd 60798->60799 60799->60685 60799->60686 60801 de88c8 60800->60801 60802 de8957 60800->60802 60801->60802 60803 de88d4 MultiByteToWideChar 60801->60803 60804 de897e 60802->60804 60805 de8a54 GetLastError 60802->60805 60830 e39c53 
60803->60830 60809 e39c53 22 API calls 60804->60809 60808 de91c0 30 API calls 60805->60808 60811 de8aa9 SetLastError 60808->60811 60812 de8987 60809->60812 60810 de8913 MultiByteToWideChar 60814 de893a 60810->60814 60815 de8947 _AnonymousOriginator 60810->60815 60816 de8ae2 60811->60816 60817 de8af3 60811->60817 60842 e55588 20 API calls _memcpy_s 60812->60842 60820 de8130 31 API calls 60814->60820 60824 e3978b __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 60815->60824 60821 de8130 31 API calls 60816->60821 60819 de4cc0 ~refcount_ptr 4 API calls 60817->60819 60818 de899b GetLastError 60822 de91c0 30 API calls 60818->60822 60819->60815 60820->60815 60821->60817 60823 de89f3 SetLastError 60822->60823 60825 de8a3a 60823->60825 60826 de8a29 60823->60826 60827 de7fc0 GetLastError 60824->60827 60829 de4cc0 ~refcount_ptr 4 API calls 60825->60829 60828 de8130 31 API calls 60826->60828 60827->60786 60828->60825 60829->60815 60832 e39c5c 60830->60832 60831 e57609 ___std_exception_copy 21 API calls 60831->60832 60832->60831 60833 e39c7b 60832->60833 60835 e39c7d 60832->60835 60844 e5f30f 7 API calls 2 library calls 60832->60844 60833->60810 60836 df3ad3 Concurrency::cancel_current_task 60835->60836 60838 e39c87 60835->60838 60841 e0a414 60836->60841 60843 e51ff8 RaiseException 60836->60843 60845 e51ff8 RaiseException 60838->60845 60840 e3aa4a 60841->60810 60842->60818 60843->60836 60844->60832 60845->60840 60847 de7578 60846->60847 60848 de7585 GetLastError SetLastError 60846->60848 60847->60848 60849 de75d5 60848->60849 60852 de75db GetLastError SetLastError GetLastError SetLastError 60848->60852 60867 e56798 52 API calls 60849->60867 60853 de8880 42 API calls 60852->60853 60854 de76a2 GetLastError 60853->60854 60855 e398bc 60854->60855 60856 de76ee SysFreeString 60855->60856 60857 de7709 SetLastError SetLastError 60856->60857 60858 de7700 SysFreeString 60856->60858 60859 de776b GetLastError 60857->60859 60860 de7746 60857->60860 60858->60857 60861 e398bc 
60859->60861 60860->60859 60862 de7784 SysFreeString 60861->60862 60863 de779f SetLastError 60862->60863 60864 de7796 SysFreeString 60862->60864 60865 e3978b __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 60863->60865 60864->60863 60866 de77dc 60865->60866 60866->60795 60867->60852 60868->60700 60870 e35f44 __EH_prolog3_GS 60869->60870 60871 e35f55 _memcpy_s 60870->60871 60872 e36024 60870->60872 60875 e35f67 ReadFile 60871->60875 60873 e36144 _memcpy_s 60872->60873 60874 e3602e _memcpy_s 60872->60874 60879 e36150 ReadFile 60873->60879 60876 e3603a ReadFile 60874->60876 60877 e35f9a 60875->60877 60878 e35f8f GetLastError 60875->60878 60876->60878 60880 e36060 60876->60880 60900 e360e2 _AnonymousOriginator 60877->60900 60923 df088a 66 API calls 2 library calls 60877->60923 60878->60900 60879->60878 60881 e36176 60879->60881 60885 e39c53 22 API calls 60880->60885 60880->60900 60883 e36189 60881->60883 60881->60900 60887 e39c53 22 API calls 60883->60887 60884 e39b34 5 API calls 60888 e36271 60884->60888 60889 e3609d _memcpy_s 60885->60889 60886 e35fc2 60924 de7b80 31 API calls 60886->60924 60891 e361dd _memcpy_s 60887->60891 60888->60700 60893 e360ad ReadFile 60889->60893 60895 e361ed ReadFile 60891->60895 60892 e35fd1 60894 de4cc0 ~refcount_ptr 4 API calls 60892->60894 60897 e360cd GetLastError 60893->60897 60898 e360d7 60893->60898 60899 e35fdd _AnonymousOriginator 60894->60899 60896 e36211 60895->60896 60895->60897 60896->60900 60901 df09e8 32 API calls 60896->60901 60897->60900 60898->60900 60925 df09e8 60898->60925 60899->60900 60900->60884 60903 e36235 60901->60903 60930 de7b80 31 API calls 60903->60930 60904 e36112 60929 de7b80 31 API calls 60904->60929 60907 e36125 60909 de4cc0 ~refcount_ptr 4 API calls 60907->60909 60908 e36248 60910 de4cc0 ~refcount_ptr 4 API calls 60908->60910 60909->60899 60910->60899 60912 e11760 __EH_prolog3 60911->60912 60913 df0809 32 API calls 60912->60913 60914 e1176f 60913->60914 60914->60700 60916 df0815 __EH_prolog3 
60915->60916 60948 df0617 60916->60948 60918 df0837 60918->60700 60966 e350ce 60919->60966 60921 e35225 60921->60700 60922->60700 60923->60886 60924->60892 60926 df09f4 __EH_prolog3 60925->60926 60931 df0788 60926->60931 60928 df0a27 60928->60904 60929->60907 60930->60908 60932 df0794 __EH_prolog3 60931->60932 60933 df07ac GetLastError 60932->60933 60937 df0aef 60933->60937 60936 df0806 60936->60928 60940 def72e 60937->60940 60939 df07da SetLastError 60939->60936 60941 def744 60940->60941 60942 def7a3 60940->60942 60944 def74f 60941->60944 60946 def76b SysAllocStringLen 60941->60946 60947 de4a40 29 API calls std::_Xinvalid_argument 60942->60947 60944->60939 60945 def7a8 60946->60944 60947->60945 60949 df0623 __EH_prolog3 60948->60949 60950 df063b GetLastError 60949->60950 60954 df0a35 60950->60954 60953 df0689 60953->60918 60955 df0a57 60954->60955 60958 def823 60955->60958 60957 df065d SetLastError 60957->60953 60959 def88d 60958->60959 60960 def836 60958->60960 60965 de4a40 29 API calls std::_Xinvalid_argument 60959->60965 60962 def841 _memcpy_s 60960->60962 60964 def85d SysAllocStringLen 60960->60964 60962->60957 60963 def892 60964->60962 60965->60963 60967 e350da __EH_prolog3 60966->60967 60980 e35192 60967->60980 60972 e35116 60988 e34ff2 32 API calls __EH_prolog3 60972->60988 60973 e3515c 60990 df3af0 28 API calls 2 library calls 60973->60990 60976 e35124 60989 e0acde GetLastError SysFreeString SysFreeString SetLastError 60976->60989 60977 e35161 60979 e35102 60979->60921 60981 e350e8 60980->60981 60983 e351ae 60980->60983 60984 e351e8 60981->60984 60983->60981 60991 def644 53 API calls 60983->60991 60985 e351f4 60984->60985 60986 e350fe 60984->60986 60992 def644 53 API calls 60985->60992 60986->60972 60986->60973 60986->60979 60988->60976 60989->60979 60990->60977 60991->60983 60992->60986 60994 df09aa __EH_prolog3 60993->60994 60995 df070a 32 API calls 60994->60995 60996 df09da 60995->60996 60996->60554 60998 e35b25 60997->60998 61000 e35b21 60997->61000 
61001 e36455 60998->61001 61000->60557 61002 e36464 61001->61002 61004 e36460 61001->61004 61005 e35162 53 API calls 61002->61005 61004->61000 61005->61004 61007 df0adb _wcslen 61006->61007 61008 def72e 30 API calls 61007->61008 61009 df0759 SetLastError 61008->61009 61009->60566 61011 e35646 GetFileAttributesW 61010->61011 61012 e35644 61010->61012 61013 e3566d 61011->61013 61014 e35652 61011->61014 61012->61011 61013->60576 61014->61013 61015 e35662 SetFileAttributesW 61014->61015 61016 e35660 61014->61016 61015->61013 61016->61015 61019 e359eb __EH_prolog3_GS 61017->61019 61018 e35a3f 61023 e39b34 5 API calls 61018->61023 61019->61018 61020 e35a18 CreateFileW 61019->61020 61021 e35a36 GetLastError 61020->61021 61022 e35a49 61020->61022 61021->61018 61024 e365ac 2 API calls 61022->61024 61025 e35a46 61023->61025 61029 e35a58 61024->61029 61025->60573 61026 e35ab3 61061 e3579b 61026->61061 61027 e35aac 61043 e35815 61027->61043 61029->61018 61029->61026 61029->61027 61031 e35a93 CloseHandle 61029->61031 61034 e35ac5 61031->61034 61035 e35b0d 61031->61035 61034->61035 61036 e11754 32 API calls 61034->61036 61035->61018 61037 e35add 61036->61037 61065 def345 29 API calls 61037->61065 61039 e35ae8 61066 def22b 31 API calls 61039->61066 61041 e35aff 61042 de4cc0 ~refcount_ptr 4 API calls 61041->61042 61042->61035 61044 e35821 __EH_prolog3_GS 61043->61044 61045 e35865 CreateFileW 61044->61045 61046 e35892 61045->61046 61047 e35882 GetLastError 61045->61047 61049 e39c53 22 API calls 61046->61049 61048 e3598b 61047->61048 61050 e39b34 5 API calls 61048->61050 61057 e358a7 61049->61057 61051 e35990 61050->61051 61051->61031 61052 e35963 ReadFile 61052->61057 61059 e35974 61052->61059 61053 e3597a FlushFileBuffers CloseHandle 61053->61048 61054 e358fd WriteFile 61054->61057 61055 e11754 32 API calls 61055->61057 61057->61052 61057->61053 61057->61054 61057->61055 61057->61059 61060 de4cc0 ~refcount_ptr 4 API calls 61057->61060 61067 def345 29 API calls 61057->61067 61068 
def13c 24 API calls 61057->61068 61059->61053 61060->61054 61062 e357fc 61061->61062 61069 de9440 61062->61069 61065->61039 61066->61041 61067->61057 61068->61057 61070 de945b 61069->61070 61086 de9496 61070->61086 61088 de99a0 61070->61088 61072 de94dc 61075 de94f2 CreateFileW 61072->61075 61072->61086 61073 de97d9 61076 e3978b __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 61073->61076 61074 de97d2 FindCloseChangeNotification 61074->61073 61077 de97bc GetLastError 61075->61077 61081 de951c 61075->61081 61078 de97f3 61076->61078 61077->61086 61078->61031 61080 de9697 SetFileTime 61080->61086 61082 de9753 61081->61082 61083 de961c FlushFileBuffers 61081->61083 61084 de95c0 WriteFile 61081->61084 61081->61086 61093 e364a0 61081->61093 61082->61077 61083->61080 61083->61086 61084->61081 61085 de96c2 GetLastError 61084->61085 61085->61086 61086->61073 61086->61074 61089 de99a7 61088->61089 61090 de99ac 61088->61090 61089->61072 61091 e57609 ___std_exception_copy 21 API calls 61090->61091 61092 de99ef 61090->61092 61091->61092 61092->61072 61094 e364ae SetLastError 61093->61094 61095 e364bd _memcpy_s 61093->61095 61098 e3655e 61094->61098 61096 e364cd ReadFile 61095->61096 61097 e364eb 61096->61097 61096->61098 61097->61098 61102 e35c8a 29 API calls _memcpy_s 61097->61102 61098->61081 61100 e36503 _strlen 61100->61098 61103 def154 24 API calls 61100->61103 61102->61100 61103->61100 61105 df0d60 __EH_prolog3 61104->61105 61108 def6c4 61105->61108 61107 df0d72 61107->60582 61109 e39c5c 22 API calls 61108->61109 61110 def6cb 61109->61110 61110->61107 61112 df3c7d 61111->61112 61113 df3ca3 61111->61113 61112->60586 61156 defd2d 61113->61156 61198 defbba 61115->61198 61118 df25a3 61119 df25b2 __EH_prolog3_GS 61118->61119 61204 df238b 61119->61204 61123 df2c58 61125 e39b34 5 API calls 61123->61125 61124 df2c45 FindCloseChangeNotification 61124->61123 61126 df2285 61125->61126 61126->60591 61127 df261c _wcslen 61144 df2625 _AnonymousOriginator 61127->61144 61229 
df0300 61127->61229 61128 df2c07 _AnonymousOriginator 61128->61123 61128->61124 61131 df26a5 61234 df1e25 61131->61234 61133 df265a _wcslen 61133->61131 61134 df0300 53 API calls 61133->61134 61139 df268a _wcslen 61134->61139 61135 df2a3d 61138 df2a7e _AnonymousOriginator 61135->61138 61256 df3386 26 API calls _memcpy_s 61135->61256 61136 df2adf _AnonymousOriginator 61142 df2b43 _AnonymousOriginator 61136->61142 61258 df3386 26 API calls _memcpy_s 61136->61258 61138->61136 61257 df3386 26 API calls _memcpy_s 61138->61257 61139->61131 61250 df3c11 61139->61250 61142->61144 61259 df3386 26 API calls _memcpy_s 61142->61259 61144->61128 61260 df3386 26 API calls _memcpy_s 61144->61260 61146 df3107 53 API calls 61153 df2751 61146->61153 61147 df1e25 53 API calls 61147->61153 61148 df0bc7 29 API calls 61148->61153 61149 df3f72 53 API calls 61149->61153 61150 df3afb 26 API calls 61150->61153 61152 df49d6 29 API calls 61152->61153 61153->61135 61153->61146 61153->61147 61153->61148 61153->61149 61153->61150 61153->61152 61155 df3c6d 29 API calls 61153->61155 61254 df228a 53 API calls 2 library calls 61153->61254 61255 df040a 53 API calls __EH_prolog3 61153->61255 61155->61153 61157 defda4 61156->61157 61158 defd43 61156->61158 61173 de4a40 29 API calls std::_Xinvalid_argument 61157->61173 61165 df3b78 61158->61165 61160 defda9 61162 defd61 61164 defd97 61162->61164 61172 def9f2 26 API calls _AnonymousOriginator 61162->61172 61164->61112 61166 df3b85 61165->61166 61167 df3b92 61165->61167 61174 def659 61166->61174 61181 df3ad3 RaiseException Concurrency::cancel_current_task 61167->61181 61170 df3b8d 61170->61162 61171 df3b97 61172->61164 61173->61160 61175 def666 61174->61175 61178 def66f 61174->61178 61182 def67f 61175->61182 61177 def67b 61177->61170 61178->61177 61180 e39c5c 22 API calls 61178->61180 61179 def66c 61179->61170 61180->61179 61181->61171 61183 df3ad3 Concurrency::cancel_current_task 61182->61183 61184 def690 61182->61184 61191 e0a414 61183->61191 61195 
e51ff8 RaiseException 61183->61195 61185 e39c5c 22 API calls 61184->61185 61186 def696 61185->61186 61186->61183 61188 def69d 61186->61188 61189 e569d3 61186->61189 61188->61179 61196 e56948 26 API calls 3 library calls 61189->61196 61191->61179 61192 e569e2 61197 e569f0 11 API calls _abort 61192->61197 61194 e569ef 61195->61183 61196->61192 61197->61194 61202 defbc6 61198->61202 61199 defbe6 61199->61118 61200 defbba 26 API calls 61200->61202 61202->61199 61202->61200 61203 defcba 26 API calls _AnonymousOriginator 61202->61203 61203->61202 61205 df239c CreateFileW 61204->61205 61206 df239a 61204->61206 61207 df23bf 61205->61207 61208 df23c6 61205->61208 61206->61205 61267 de9840 61207->61267 61210 df23d9 61208->61210 61261 df21e2 61208->61261 61210->61128 61212 df2400 GetFileSize 61210->61212 61213 df242a 61212->61213 61216 df2510 61212->61216 61214 df24be GetProcessHeap HeapAlloc 61213->61214 61215 df2434 GetProcessHeap HeapAlloc 61213->61215 61214->61216 61217 df24d7 ReadFile 61214->61217 61215->61216 61218 df2451 ReadFile 61215->61218 61219 e3978b __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 61216->61219 61220 df2500 61217->61220 61223 df2499 _wcslen 61217->61223 61221 df2501 GetProcessHeap HeapFree 61218->61221 61225 df246e _strlen 61218->61225 61222 df2522 61219->61222 61220->61221 61221->61216 61222->61127 61226 df3c6d 29 API calls 61223->61226 61224 df247f 61224->61223 61225->61224 61271 df17cc MultiByteToWideChar 61225->61271 61227 df24aa GetProcessHeap HeapFree 61226->61227 61227->61216 61230 df0338 61229->61230 61233 df032c 61229->61233 61230->61233 61272 df3ed0 53 API calls 61230->61272 61273 e56b67 53 API calls _memcpy_s 61230->61273 61233->61133 61235 df1e31 __EH_prolog3_GS 61234->61235 61249 df1e73 61235->61249 61274 df0bc7 61235->61274 61238 e39b34 5 API calls 61240 df1ec0 61238->61240 61240->61153 61243 df1e6b 61244 df0bc7 29 API calls 61243->61244 61243->61249 61245 df1e88 61244->61245 61246 df3f72 53 API calls 61245->61246 61247 df1e9b 
61246->61247 61248 df3afb 26 API calls 61247->61248 61248->61249 61249->61238 61251 df3c55 61250->61251 61253 df3c27 61250->61253 61309 defece 29 API calls 61251->61309 61253->61131 61254->61153 61255->61153 61256->61138 61257->61136 61258->61142 61259->61144 61260->61128 61262 df223d SetFilePointer 61261->61262 61263 df2200 ReadFile 61261->61263 61265 e3978b __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 61262->61265 61263->61262 61264 df2226 61263->61264 61264->61262 61266 df2258 61265->61266 61266->61210 61268 de984a 61267->61268 61269 de9860 61267->61269 61268->61269 61270 de9853 FindCloseChangeNotification 61268->61270 61269->61208 61270->61269 61271->61224 61272->61230 61273->61230 61275 df0be6 _wcslen 61274->61275 61291 def7a9 61275->61291 61277 df0bf2 61278 df3f72 61277->61278 61279 df3f81 61278->61279 61299 df010f 61279->61299 61282 df3afb 61283 df3b15 61282->61283 61284 df3b06 61282->61284 61283->61243 61286 e569d3 61283->61286 61306 def9f2 26 API calls _AnonymousOriginator 61284->61306 61307 e56948 26 API calls 3 library calls 61286->61307 61288 e569e2 61308 e569f0 11 API calls _abort 61288->61308 61290 e569ef 61292 def81d 61291->61292 61295 def7c0 61291->61295 61298 de4a40 29 API calls std::_Xinvalid_argument 61292->61298 61294 def822 61296 df3b78 28 API calls 61295->61296 61297 def7cb 61295->61297 61296->61297 61297->61277 61298->61294 61301 df013f 61299->61301 61303 df0194 61299->61303 61301->61303 61304 e56b67 53 API calls _memcpy_s 61301->61304 61305 df4028 53 API calls 61301->61305 61303->61282 61304->61301 61305->61301 61306->61283 61307->61288 61308->61290 61309->61253 61310->60598 61311->60610 61312->60620 61314 e3787b CharPrevW 61313->61314 61315 e3786f CharNextW 61313->61315 61316 e373ee lstrcatW 61314->61316 61317 e3788d 61314->61317 61315->61314 61315->61315 61316->60491 61321 e387af CharNextW CharNextW CharNextW CharNextW 61317->61321 61319 e37893 61319->61316 61320 e37897 CharNextW 61319->61320 61320->61316 61321->61319 61322 
e381f0 61323 e381ff __EH_prolog3_GS 61322->61323 61343 de6b40 61323->61343 61325 e38218 _memcpy_s 61349 df5eae 61325->61349 61329 e38299 61370 de7930 SysStringLen 61329->61370 61331 e382a9 CreateProcessW 61377 de5f90 GetLastError 61331->61377 61333 e38358 61335 de4cc0 ~refcount_ptr 4 API calls 61333->61335 61334 e38307 MsgWaitForMultipleObjects 61336 e382d1 61334->61336 61337 e3831a GetExitCodeProcess CloseHandle 61334->61337 61338 e38371 61335->61338 61336->61333 61336->61334 61336->61337 61339 e382e7 PeekMessageW 61336->61339 61340 df5eae 228 API calls 61337->61340 61341 e39b34 5 API calls 61338->61341 61339->61336 61339->61337 61340->61333 61342 e38378 61341->61342 61344 de6b7d GetLastError 61343->61344 61345 de6b70 61343->61345 61346 de6bd0 61344->61346 61345->61344 61346->61346 61347 de91c0 30 API calls 61346->61347 61348 de6bea SetLastError 61347->61348 61348->61325 61350 df5eba __EH_prolog3_GS 61349->61350 61351 df5f53 61350->61351 61352 de60a0 2 API calls 61350->61352 61353 e39b34 5 API calls 61351->61353 61354 df5eef 61352->61354 61355 df5f58 61353->61355 61389 de61f0 61354->61389 61365 de6a60 61355->61365 61358 df5f47 61360 de4cc0 ~refcount_ptr 4 API calls 61358->61360 61359 de6b40 32 API calls 61361 df5f27 61359->61361 61360->61351 61401 de5c50 61361->61401 61364 de4cc0 ~refcount_ptr 4 API calls 61364->61358 61366 de6aab 61365->61366 61367 de6a7d 61365->61367 61366->61329 61368 de6a87 61367->61368 61474 de8610 31 API calls _memcpy_s 61367->61474 61368->61329 61371 de7947 SysReAllocStringLen 61370->61371 61374 de796f 61370->61374 61373 de795b _memcpy_s 61371->61373 61373->61331 61374->61373 61475 e569d3 26 API calls _memcpy_s 61374->61475 61378 de6001 61377->61378 61382 de5fcb 61377->61382 61379 de603c SetLastError 61378->61379 61380 de7530 79 API calls 61378->61380 61381 e3978b __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 61379->61381 61384 de6017 61380->61384 61385 de605b 61381->61385 61383 de8130 31 API calls 61382->61383 61383->61378 61386 
de6034 61384->61386 61387 de8130 31 API calls 61384->61387 61385->61336 61388 de4cc0 ~refcount_ptr 4 API calls 61386->61388 61387->61386 61388->61379 61390 de621f 61389->61390 61413 e55540 61390->61413 61394 de6266 61416 de5f10 SysStringLen 61394->61416 61396 de6294 61423 e55564 61396->61423 61399 de5f90 81 API calls 61400 de62b3 61399->61400 61400->61358 61400->61359 61402 de5c63 61401->61402 61406 de5cd7 61401->61406 61404 de5c6d RegOpenKeyExW 61402->61404 61402->61406 61403 de5d18 61403->61364 61405 de5c93 RegQueryValueExW 61404->61405 61404->61406 61407 de5d1e 61405->61407 61408 de5cbe 61405->61408 61406->61403 61473 de53f0 220 API calls __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 61406->61473 61407->61406 61410 de5d22 RegCloseKey 61407->61410 61408->61407 61411 de5cc4 61408->61411 61410->61406 61411->61406 61412 de5cd0 RegCloseKey 61411->61412 61412->61406 61427 e54000 61413->61427 61417 de5f2a SysReAllocStringLen 61416->61417 61420 de5f52 61416->61420 61419 de5f3e _memcpy_s 61417->61419 61419->61396 61420->61419 61450 e569d3 26 API calls _memcpy_s 61420->61450 61451 e54185 61423->61451 61425 de62a8 61425->61399 61426 de8610 31 API calls _memcpy_s 61426->61394 61428 e54040 61427->61428 61429 e54028 61427->61429 61428->61429 61430 e54048 61428->61430 61444 e56d99 20 API calls _abort 61429->61444 61446 e544f5 51 API calls 2 library calls 61430->61446 61432 e5402d 61445 e569c3 26 API calls _memcpy_s 61432->61445 61435 e54058 61447 e544c0 20 API calls _memcpy_s 61435->61447 61436 e3978b __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 61438 de623b 61436->61438 61438->61394 61438->61426 61439 e540d0 61448 e54862 61 API calls 2 library calls 61439->61448 61442 e54038 61442->61436 61443 e540db 61449 e54578 20 API calls _free 61443->61449 61444->61432 61445->61442 61446->61435 61447->61439 61448->61443 61449->61442 61452 e541a5 61451->61452 61453 e54190 61451->61453 61454 e541e9 61452->61454 61456 e541b3 61452->61456 61467 e56d99 20 API calls _abort 61453->61467 
61471 e56d99 20 API calls _abort 61454->61471 61469 e53e7b 61 API calls 3 library calls 61456->61469 61458 e54195 61468 e569c3 26 API calls _memcpy_s 61458->61468 61461 e541a0 61461->61425 61462 e541e1 61472 e569c3 26 API calls _memcpy_s 61462->61472 61464 e541cb 61465 e541f9 61464->61465 61470 e56d99 20 API calls _abort 61464->61470 61465->61425 61467->61458 61468->61461 61469->61464 61470->61462 61471->61462 61472->61465 61473->61403 61474->61366 61476 e43421 GetVersion 61477 e43431 61476->61477 61478 e4342e 61476->61478 61481 e4343d GetCurrentThread OpenThreadToken 61477->61481 61482 e434b3 GetTokenInformation 61481->61482 61483 e43478 GetLastError 61481->61483 61484 e434d9 GetLastError 61482->61484 61485 e434cb 61482->61485 61486 e43496 61483->61486 61487 e43481 GetCurrentProcess OpenProcessToken GetLastError 61483->61487 61484->61485 61489 e434e0 61484->61489 61506 e43599 FindCloseChangeNotification 61485->61506 61486->61482 61490 e4349b 61486->61490 61487->61486 61491 e39c5c 22 API calls 61489->61491 61505 e43599 FindCloseChangeNotification 61490->61505 61492 e434e8 GetTokenInformation 61491->61492 61494 e43501 AllocateAndInitializeSid 61492->61494 61495 e434fe 61492->61495 61494->61495 61497 e4352c 61494->61497 61504 e43599 FindCloseChangeNotification 61495->61504 61496 e434a5 _AnonymousOriginator 61498 e3978b __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 61496->61498 61500 e43566 FreeSid 61497->61500 61502 e43538 EqualSid 61497->61502 61503 e4354f 61497->61503 61501 e4343a 61498->61501 61500->61495 61502->61497 61502->61503 61503->61500 61504->61496 61505->61496 61506->61496 61507 e38574 61508 e38580 __EH_prolog3_GS 61507->61508 61509 e385cc 61508->61509 61527 df440b 61508->61527 61512 e385eb 61509->61512 61514 de4cc0 ~refcount_ptr 4 API calls 61509->61514 61516 e39c53 22 API calls 61512->61516 61523 e38695 _AnonymousOriginator 61512->61523 61514->61512 61515 e39b34 5 API calls 61517 e386b6 61515->61517 61518 e38603 WNetGetUniversalNameW 

                                      Control-flow Graph

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00E3627F
                                      • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000,00000040,00E35D66,?,HFh,Fh,?,00000008,00000010,00E35347), ref: 00E362B1
                                      • CreateFileMappingW.KERNELBASE(00000000,00000000,00000002,00000000,00000000,00000000), ref: 00E362D0
                                      • GetSystemInfo.KERNELBASE(?), ref: 00E362EA
                                      • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,000000FF), ref: 00E362FE
                                      • IsBadReadPtr.KERNEL32(?,000000F8), ref: 00E3632D
                                      • UnmapViewOfFile.KERNEL32(00000000), ref: 00E3634D
                                      • MapViewOfFile.KERNEL32(00000008,00000004,00000000,00000000,?), ref: 00E3635F
                                      • UnmapViewOfFile.KERNEL32(00000000), ref: 00E36376
                                      • IsBadReadPtr.KERNEL32(?,000000F8), ref: 00E3639D
                                      • GetLastError.KERNEL32 ref: 00E363F2
                                      • UnmapViewOfFile.KERNEL32(00000000), ref: 00E3640C
                                      • CloseHandle.KERNEL32(Fh), ref: 00E3642C
                                      • CloseHandle.KERNEL32(00000000), ref: 00E36443
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: File$View$Unmap$CloseCreateHandleRead$ErrorH_prolog3InfoLastMappingSystem
                                      • String ID: Fh$Fh$HFh
                                      • API String ID: 2034668665-991725075
                                      • Opcode ID: f3d042cca978128ad95c7bef0a533100d85c16e4dd1f2b475dd016fdd7e081f7
                                      • Instruction ID: c96ddd6582dc0911555165c4000a3c81346a9578c0dda0c62c6474e48400eb79
                                      • Opcode Fuzzy Hash: f3d042cca978128ad95c7bef0a533100d85c16e4dd1f2b475dd016fdd7e081f7
                                      • Instruction Fuzzy Hash: 71516B71A01715EFEB218FA5CC8CBAEBEB4BF44718F149029E514BB291DBB48D44CB60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      APIs
                                      • GetCurrentThread.KERNEL32 ref: 00E43461
                                      • OpenThreadToken.ADVAPI32(00000000,?,?,?,?,00E4343A), ref: 00E43468
                                      • GetLastError.KERNEL32(?,?,?,?,00E4343A), ref: 00E43478
                                      • GetCurrentProcess.KERNEL32(00000008,?,?,?,?,?,00E4343A), ref: 00E43487
                                      • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,00E4343A), ref: 00E4348E
                                      • GetLastError.KERNEL32(?,?,?,?,00E4343A), ref: 00E43494
                                      • GetTokenInformation.KERNELBASE(?,00000002,00000000,00000000,?,?,?,?,?,?,00E4343A), ref: 00E434C5
                                      • GetLastError.KERNEL32(?,?,?,?,?,00E4343A), ref: 00E434D9
                                      • GetTokenInformation.KERNELBASE(?,00000002,00000000,?,?,?,?,?,?,?,00E4343A), ref: 00E434F8
                                      • AllocateAndInitializeSid.ADVAPI32(:4,00000002,00000020,00000223,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00E43522
                                      • EqualSid.ADVAPI32(00000004,?,?,?,?,?,?,00E4343A), ref: 00E4353D
                                      • FreeSid.ADVAPI32(?,?,?,?,?,?,00E4343A), ref: 00E43569
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: Token$ErrorLast$CurrentInformationOpenProcessThread$AllocateEqualFreeInitialize
                                      • String ID: :4
                                      • API String ID: 884311744-650760727
                                      • Opcode ID: 62398627c7d7829c707c0587a468d7d49e201ff2541bc1949f54df4027dc9a27
                                      • Instruction ID: 8973ab0b09d3c03275e01a1a2fe73361d9c22f4ba289c21e52f127b20e34ac54
                                      • Opcode Fuzzy Hash: 62398627c7d7829c707c0587a468d7d49e201ff2541bc1949f54df4027dc9a27
                                      • Instruction Fuzzy Hash: 5241A172904209BEEB119BB5EC89FFFBBBCEF04348F205429F511B6091DA359E448B60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E242F8
                                      • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 00E24373
                                      • CreateWellKnownSid.ADVAPI32(0000001A,00000000,?,?), ref: 00E24398
                                      • CreateWellKnownSid.ADVAPI32(00000017,00000000,?,?), ref: 00E243BD
                                      • CreateWellKnownSid.ADVAPI32(00000018,00000000,?,?), ref: 00E243E2
                                      • CreateWellKnownSid.ADVAPI32(00000010,00000000,?,?), ref: 00E24407
                                      • CreateWellKnownSid.ADVAPI32(00000016,00000000,?,?), ref: 00E2442C
                                      • SetEntriesInAclW.ADVAPI32(00000005,?,00000000,?), ref: 00E24514
                                      • SetSecurityDescriptorOwner.ADVAPI32(?,?,00000000), ref: 00E24535
                                      • SetSecurityDescriptorGroup.ADVAPI32(?,?,00000000), ref: 00E2454E
                                      • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00E24568
                                      • CoInitializeSecurity.OLE32(?,000000FF,00000000,00000000,00000006,00000002,00000000,00002000,00000000), ref: 00E24587
                                      • LocalFree.KERNEL32(00000000), ref: 00E245B3
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: CreateKnownSecurityWell$Descriptor$Initialize$DaclEntriesFreeGroupH_prolog3_LocalOwner
                                      • String ID:
                                      • API String ID: 1218890879-0
                                      • Opcode ID: 4023e78911ebbd9916845c5dd93acff350075d633bdea0b512509e29e0bc77d0
                                      • Instruction ID: 2bd8b24ed64cb027079ccb0863fe460423c12f0f690e852e7429f4498f8eb0c5
                                      • Opcode Fuzzy Hash: 4023e78911ebbd9916845c5dd93acff350075d633bdea0b512509e29e0bc77d0
                                      • Instruction Fuzzy Hash: 0891A8B1D4122DAADF20DF95DC48BDEBBBCAF48740F1041ABA509F2150DB749A84CFA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      APIs
                                      • GetFileSize.KERNEL32(00DF85E6,00000000,?,?,00000001,?,?,?,00DF261C,000000FF,?,?,000000FF,?), ref: 00DF2419
                                      • GetProcessHeap.KERNEL32(00000008,00000001,?,00000001,?,?,?,00DF261C,000000FF,?,?,000000FF,?), ref: 00DF243A
                                      • HeapAlloc.KERNEL32(00000000,?,00000001,?,?,?,00DF261C,000000FF,?,?,000000FF,?), ref: 00DF2441
                                      • ReadFile.KERNEL32(00DF85E6,00000000,00000000,00000000,00000000,?,00000001,?,?,?,00DF261C,000000FF,?,?,000000FF,?), ref: 00DF245F
                                      • _strlen.LIBCMT ref: 00DF246E
                                      • _wcslen.LIBCMT ref: 00DF249A
                                      • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,?,00000001,?,?,?,00DF261C,000000FF,?,?,000000FF,?), ref: 00DF24AD
                                      • HeapFree.KERNEL32(00000000,?,00000001,?,?,?,00DF261C,000000FF,?,?,000000FF,?), ref: 00DF24B4
                                      • GetProcessHeap.KERNEL32(00000008,00000003,?,00000001,?,?,?,00DF261C,000000FF,?,?,000000FF,?), ref: 00DF24C4
                                      • HeapAlloc.KERNEL32(00000000,?,00000001,?,?,?,00DF261C,000000FF,?,?,000000FF,?), ref: 00DF24CB
                                      • ReadFile.KERNELBASE(00DF85E6,00000000,00000000,00000000,00000000,?,00000001,?,?,?,00DF261C,000000FF,?,?,000000FF,?), ref: 00DF24E5
                                      • GetProcessHeap.KERNEL32(00000000,00000000,?,00000001,?,?,?,00DF261C,000000FF,?,?,000000FF,?), ref: 00DF2503
                                      • HeapFree.KERNEL32(00000000,?,00000001,?,?,?,00DF261C,000000FF,?,?,000000FF,?), ref: 00DF250A
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: Heap$Process$File$AllocFreeRead$Size_strlen_wcslen
                                      • String ID:
                                      • API String ID: 562540030-0
                                      • Opcode ID: bc08e247193f3d9c397cf86bc9c4f01a5f822e63eb588bc96f3587324fe24e70
                                      • Instruction ID: e19fc1a4e14331903679d1f1a4c660f92240f50763b05ef4013e7d6b2f44046f
                                      • Opcode Fuzzy Hash: bc08e247193f3d9c397cf86bc9c4f01a5f822e63eb588bc96f3587324fe24e70
                                      • Instruction Fuzzy Hash: F731CF72500608FFD7109BA6CC4DFBB7BA8EB45760F154414FA09EA190DFB09908CBB1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetCurrentProcess.KERNEL32(?,?,00E5E6F0,?,00EB42D0,0000000C,00E5E847,?,00000002,00000000), ref: 00E5E73B
                                      • TerminateProcess.KERNEL32(00000000,?,00E5E6F0,?,00EB42D0,0000000C,00E5E847,?,00000002,00000000), ref: 00E5E742
                                      • ExitProcess.KERNEL32 ref: 00E5E754
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: Process$CurrentExitTerminate
                                      • String ID:
                                      • API String ID: 1703294689-0
                                      • Opcode ID: 8ec7b63d70648d4dff981489d0a070de0eeb94e598311f129dfb7c69f7ed34a4
                                      • Instruction ID: e8a29d641512ebc01da20fc5f0254a64aabaf9af25270a9bfbce642fa888202a
                                      • Opcode Fuzzy Hash: 8ec7b63d70648d4dff981489d0a070de0eeb94e598311f129dfb7c69f7ed34a4
                                      • Instruction Fuzzy Hash: C5E04632000A08AFEF066F25DC08A583FA9EF09382B445854FC08AA221CB35DE4ACB80
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetVersion.KERNEL32(00DF767B,Startup,?,00000001), ref: 00E43421
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: Version
                                      • String ID:
                                      • API String ID: 1889659487-0
                                      • Opcode ID: 3047699de21742f345a7c5bfdd947f7c8cfb4c6ba0bdf0f4435ccb5d4ee87a6f
                                      • Instruction ID: b2f6d0fa29927325759255a28a4dec60d06fa77e722eb977e31cf4678e108841
                                      • Opcode Fuzzy Hash: 3047699de21742f345a7c5bfdd947f7c8cfb4c6ba0bdf0f4435ccb5d4ee87a6f
                                      • Instruction Fuzzy Hash: D8C092367856802EEA253720784ABCC62825780B12FF0648AF63ABE8D1CE9705C56A50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E3D903
                                      • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0000014C,00E0EC27), ref: 00E3D965
                                      • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00E3D9AE
                                      • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000221,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00E3D9CE
                                      • SetEntriesInAclW.ADVAPI32(00000002,?), ref: 00E3DA77
                                      • InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00E3DAAA
                                      • SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,?,00000000), ref: 00E3DAC2
                                        • Part of subcall function 00DF070A: __EH_prolog3.LIBCMT ref: 00DF0711
                                        • Part of subcall function 00DF070A: GetLastError.KERNEL32(00000004,00DE4709,00E965D4,?,00000000), ref: 00DF0733
                                        • Part of subcall function 00DF070A: SetLastError.KERNEL32(?,?,?), ref: 00DF0774
                                      • FreeSid.ADVAPI32(00000000), ref: 00E3DCAD
                                      • FreeSid.ADVAPI32(?), ref: 00E3DCC8
                                      • FreeSid.ADVAPI32(00000000), ref: 00E3DCE3
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: Initialize$AllocateFree$DescriptorErrorLastSecurity$DaclEntriesH_prolog3H_prolog3_
                                      • String ID: Hg$Pg$Pg
                                      • API String ID: 2579440028-4254811255
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E35F3F
                                      • ReadFile.KERNEL32(?,?,00000138,?,00000000), ref: 00E35F85
                                      • GetLastError.KERNEL32 ref: 00E35F8F
                                      • ReadFile.KERNEL32(?,00000000,00000018,?,00000000), ref: 00E36052
                                      • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00E360C3
                                      • GetLastError.KERNEL32 ref: 00E360CD
                                      Strings
                                      Similarity
                                      • API ID: FileRead$ErrorLast$H_prolog3_
                                      • String ID: 0
                                      • API String ID: 216299841-4108050209
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E367EA
                                      • GetModuleFileNameW.KERNEL32(?,00000104), ref: 00E3682E
                                        • Part of subcall function 00E3529F: __EH_prolog3_GS.LIBCMT ref: 00E352A6
                                        • Part of subcall function 00E3529F: _wcslen.LIBCMT ref: 00E3531F
                                        • Part of subcall function 00E3529F: CreateFileW.KERNELBASE(00000140,80000000,00000003,00000000,00000003,00000080,00000000,00E965D4,00000000), ref: 00E35369
                                        • Part of subcall function 00E3529F: GetLastError.KERNEL32 ref: 00E35377
                                        • Part of subcall function 00E37674: __EH_prolog3_GS.LIBCMT ref: 00E3767B
                                      • GetTempPathW.KERNEL32(00000104,?,?,?,?,?,?,?,?,?), ref: 00E368A9
                                      • GetTempFileNameW.KERNELBASE(?,00E8FC0C,00000000,?,?,?,?,?,?,?,?,?), ref: 00E368C3
                                        • Part of subcall function 00DF070A: __EH_prolog3.LIBCMT ref: 00DF0711
                                        • Part of subcall function 00DF070A: GetLastError.KERNEL32(00000004,00DE4709,00E965D4,?,00000000), ref: 00DF0733
                                        • Part of subcall function 00DF070A: SetLastError.KERNEL32(?,?,?), ref: 00DF0774
                                        • Part of subcall function 00DF9714: __EH_prolog3.LIBCMT ref: 00DF971B
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      • lstrcpyW.KERNEL32(?,00EBDA78), ref: 00E3695A
                                      • DeleteFileW.KERNELBASE(?,?,?,00E965D4,?,?,?,?,?,00EB9530,?,?,?), ref: 00E369E4
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$File$H_prolog3_$FreeH_prolog3NameStringTemp$CreateDeleteModulePath_wcslenlstrcpy
                                      • String ID: Hg$Hg$Pg
                                      • API String ID: 2325931435-3920519673
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E381FA
                                        • Part of subcall function 00DE6B40: GetLastError.KERNEL32(7B1078F4), ref: 00DE6B91
                                        • Part of subcall function 00DE6B40: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE6C0A
                                      • CreateProcessW.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000020,00000000,00000000,?,?), ref: 00E382BE
                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00E382EF
                                      • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00E38310
                                      • GetExitCodeProcess.KERNELBASE(?,?), ref: 00E38321
                                      • CloseHandle.KERNEL32(?), ref: 00E38332
                                      Strings
                                      Similarity
                                      • API ID: ErrorLastProcess$CloseCodeCreateExitH_prolog3_HandleMessageMultipleObjectsPeekWait
                                      • String ID: Attempting to launch: %s$C:\CodeBases\isdev\Src\Runtime\MSI\Shared\Setup\utils.cpp$Launch result %d, exit code %d
                                      • API String ID: 2887555227-4199034270
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00E3C290
                                      • GetModuleHandleW.KERNEL32(kernel32.dll,CreateDirectoryW,00000000,00E3CB3B), ref: 00E3C2AD
                                      • GetProcAddress.KERNEL32(00000000), ref: 00E3C2B0
                                      • CreateDirectoryW.KERNELBASE(?,?), ref: 00E3C2C7
                                      • GetModuleHandleW.KERNEL32(kernel32.dll,CreateDirectoryA), ref: 00E3C2D5
                                      • GetProcAddress.KERNEL32(00000000), ref: 00E3C2D8
                                      Strings
                                      Similarity
                                      • API ID: AddressHandleModuleProc$CreateDirectoryH_prolog3
                                      • String ID: CreateDirectoryA$CreateDirectoryW$kernel32.dll
                                      • API String ID: 662308948-2917578371
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00DF25AD
                                        • Part of subcall function 00DF238B: CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000001,00000000,00000000,?,00000000,?,00DF25D9,000000FF,?), ref: 00DF23AE
                                      • FindCloseChangeNotification.KERNELBASE(000000FF,000000FF,?), ref: 00DF2C4B
                                        • Part of subcall function 00DF2400: GetFileSize.KERNEL32(00DF85E6,00000000,?,?,00000001,?,?,?,00DF261C,000000FF,?,?,000000FF,?), ref: 00DF2419
                                        • Part of subcall function 00DF2400: GetProcessHeap.KERNEL32(00000008,00000001,?,00000001,?,?,?,00DF261C,000000FF,?,?,000000FF,?), ref: 00DF243A
                                        • Part of subcall function 00DF2400: HeapAlloc.KERNEL32(00000000,?,00000001,?,?,?,00DF261C,000000FF,?,?,000000FF,?), ref: 00DF2441
                                        • Part of subcall function 00DF2400: ReadFile.KERNEL32(00DF85E6,00000000,00000000,00000000,00000000,?,00000001,?,?,?,00DF261C,000000FF,?,?,000000FF,?), ref: 00DF245F
                                        • Part of subcall function 00DF2400: _strlen.LIBCMT ref: 00DF246E
                                        • Part of subcall function 00DF2400: _wcslen.LIBCMT ref: 00DF249A
                                        • Part of subcall function 00DF2400: GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,?,00000001,?,?,?,00DF261C,000000FF,?,?,000000FF,?), ref: 00DF24AD
                                        • Part of subcall function 00DF2400: HeapFree.KERNEL32(00000000,?,00000001,?,?,?,00DF261C,000000FF,?,?,000000FF,?), ref: 00DF24B4
                                      • _wcslen.LIBCMT ref: 00DF263D
                                      • _wcslen.LIBCMT ref: 00DF266D
                                      • _wcslen.LIBCMT ref: 00DF2695
                                      Strings
                                      Similarity
                                      • API ID: Heap_wcslen$File$Process$AllocChangeCloseCreateFindFreeH_prolog3_NotificationReadSize_strlen
                                      • String ID: $xn
                                      • API String ID: 2546133680-1501575746
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00E35B4E
                                      • VirtualQuery.KERNEL32(?,0000001C,0000001C,00000054,00E35D15,00000008,?,?,?,?,HFh,?,00E35D7F,?,HFh,00000008), ref: 00E35B7A
                                        • Part of subcall function 00E35DE4: CompareStringA.KERNELBASE(00000400,00000001,?,00000008,00000008,000000FF,?,00000000,?,?,00E35B96,.debug,?,?,00E35D7F,?), ref: 00E35E0C
                                      • GetSystemInfo.KERNELBASE(?,?,00E35D7F,?,HFh), ref: 00E35C20
                                      • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,?,?,?,?,00E35D7F,?,HFh), ref: 00E35C41
                                      Strings
                                      Similarity
                                      • API ID: CompareFileH_prolog3InfoQueryStringSystemViewVirtual
                                      • String ID: .debug$.rdata$.text
                                      • API String ID: 3690134103-733372908
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      APIs
                                      • CreateFileW.KERNELBASE(?,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00DE9505
                                      • WriteFile.KERNELBASE(?,?,00004000,?,00000000), ref: 00DE95EC
                                      • FindCloseChangeNotification.KERNELBASE ref: 00DE97D3
                                      Similarity
                                      • API ID: File$ChangeCloseCreateFindNotificationWrite
                                      • String ID:
                                      • API String ID: 3805958096-0
                                      • Opcode ID: fb82d0b08d3f6edd09da2be2dfe6c256efd42f3307d854ec14c03863fc687020
                                      • Instruction ID: 4a71f88d8b27988f1d5488be065b22c75364ed9d1e95d09585d2d76ebfa7ebc8
                                      • Opcode Fuzzy Hash: fb82d0b08d3f6edd09da2be2dfe6c256efd42f3307d854ec14c03863fc687020
                                      • Instruction Fuzzy Hash: 9AA1BE71A016589BDB60EF2ACC98B9DB7B4BB44314F1881E9D54CA6290DB709E8DCF60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • RegOpenKeyExW.KERNELBASE(80000001,SOFTWARE\InstallShield\29.0\Professional,00000000,00020019,?), ref: 00DE5C89
                                      • RegQueryValueExW.ADVAPI32(00000000,DoVerboseLogging,00000000,?,?,?), ref: 00DE5CB4
                                      • RegCloseKey.ADVAPI32(00000000), ref: 00DE5CD1
                                      • RegCloseKey.ADVAPI32(00000000), ref: 00DE5D23
                                      Strings
                                      • SOFTWARE\InstallShield\29.0\Professional, xrefs: 00DE5C7F
                                      • DoVerboseLogging, xrefs: 00DE5CAE
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: Close$OpenQueryValue
                                      • String ID: DoVerboseLogging$SOFTWARE\InstallShield\29.0\Professional
                                      • API String ID: 1607946009-1298270022
                                      • Opcode ID: ae9d4d558c7cffdde17d68adbcbccb3805e4875d24895dce3c6b059cd2e63194
                                      • Instruction ID: bd24aae63437ac956b2b5c910d1874726117042c6add5665c14ce5a76ac90b1f
                                      • Opcode Fuzzy Hash: ae9d4d558c7cffdde17d68adbcbccb3805e4875d24895dce3c6b059cd2e63194
                                      • Instruction Fuzzy Hash: A521D631801B94AFEB21AF56EC58BAE7BA4BB0174CF284159D80176155C7706988CBE1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00E35D33
                                        • Part of subcall function 00E36278: __EH_prolog3.LIBCMT ref: 00E3627F
                                        • Part of subcall function 00E36278: CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000,00000040,00E35D66,?,HFh,Fh,?,00000008,00000010,00E35347), ref: 00E362B1
                                        • Part of subcall function 00E36278: CreateFileMappingW.KERNELBASE(00000000,00000000,00000002,00000000,00000000,00000000), ref: 00E362D0
                                        • Part of subcall function 00E36278: GetSystemInfo.KERNELBASE(?), ref: 00E362EA
                                        • Part of subcall function 00E36278: MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,000000FF), ref: 00E362FE
                                        • Part of subcall function 00E36278: IsBadReadPtr.KERNEL32(?,000000F8), ref: 00E3632D
                                        • Part of subcall function 00E36278: UnmapViewOfFile.KERNEL32(00000000), ref: 00E3634D
                                        • Part of subcall function 00E36278: MapViewOfFile.KERNEL32(00000008,00000004,00000000,00000000,?), ref: 00E3635F
                                        • Part of subcall function 00E36278: UnmapViewOfFile.KERNEL32(00000000), ref: 00E36376
                                        • Part of subcall function 00E36278: IsBadReadPtr.KERNEL32(?,000000F8), ref: 00E3639D
                                      • UnmapViewOfFile.KERNEL32(HFh,?), ref: 00E35D96
                                      • FindCloseChangeNotification.KERNELBASE(00000000,?), ref: 00E35DB7
                                      • CloseHandle.KERNEL32(00000000,?), ref: 00E35DD2
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: File$View$Unmap$CloseCreateH_prolog3Read$ChangeFindHandleInfoMappingNotificationSystem
                                      • String ID: Fh$HFh
                                      • API String ID: 767614412-3618649236
                                      • Opcode ID: 33d7b3990b084ff34f7573f39de8c4ddee5bb8be0b22dc2446c9d5ea083767e7
                                      • Instruction ID: 1eb5fe30ea6e6e03e1457584795c4e0eb57396898f9c887038d588d0f2ebb65b
                                      • Opcode Fuzzy Hash: 33d7b3990b084ff34f7573f39de8c4ddee5bb8be0b22dc2446c9d5ea083767e7
                                      • Instruction Fuzzy Hash: 06213432C02A59AFDF128B94C94D7EFBEB4AF00309F944168E405B62A2C7754A44CB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetModuleHandleW.KERNEL32(kernel32,GetNativeSystemInfo,?,00E3E5D0,?), ref: 00E3FECF
                                      • GetProcAddress.KERNEL32(00000000), ref: 00E3FED6
                                      • GetSystemInfo.KERNEL32(00E3E5D0,?,00E3E5D0,?), ref: 00E3FEE3
                                      • GetNativeSystemInfo.KERNELBASE(00E3E5D0,?,00E3E5D0,?), ref: 00E3FEEB
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: InfoSystem$AddressHandleModuleNativeProc
                                      • String ID: GetNativeSystemInfo$kernel32
                                      • API String ID: 3433367815-3846845290
                                      • Opcode ID: 032f88dad765b2b4fa43cd743070a39fbaa1162710189c07c2eed2773b9a9bd3
                                      • Instruction ID: 58b542c39d12dd9127fee30b077a0d637d4e47300ac90f01cf3ee5f1879910ba
                                      • Opcode Fuzzy Hash: 032f88dad765b2b4fa43cd743070a39fbaa1162710189c07c2eed2773b9a9bd3
                                      • Instruction Fuzzy Hash: 0DD0C932142B08FFCE102BE3BC0DA693F1CAB45B597405455F60DB6120DF6185148B55
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E352A6
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                        • Part of subcall function 00E0A953: __EH_prolog3.LIBCMT ref: 00E0A95A
                                      • _wcslen.LIBCMT ref: 00E3531F
                                      • CreateFileW.KERNELBASE(00000140,80000000,00000003,00000000,00000003,00000080,00000000,00E965D4,00000000), ref: 00E35369
                                      • GetLastError.KERNEL32 ref: 00E35377
                                        • Part of subcall function 00E365AC: SetFilePointer.KERNELBASE(00DF65EC,00000000,?,00000000,?,?,?,?,?,00E35A58,00000000,?,00000000,00000000), ref: 00E365CC
                                        • Part of subcall function 00E365AC: GetLastError.KERNEL32(?,?,?,?,?,00E35A58,00000000,?,00000000,00000000), ref: 00E365D4
                                      • ReadFile.KERNELBASE(?,?,0000002E,?,00000000,?,?,00000000,00000000,00000048,00E36846,?), ref: 00E353C5
                                        • Part of subcall function 00E35672: __EH_prolog3_GS.LIBCMT ref: 00E35679
                                      • ReadFile.KERNEL32(?,?,0000002E,?,00000000,?,?,00000000,00000000,?), ref: 00E35442
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorFileLast$H_prolog3_Read$CreateH_prolog3Pointer_wcslen
                                      • String ID:
                                      • API String ID: 829343304-0
                                      • Opcode ID: 22e11abcdeb220700e5db4cf34468e2b8a9bdf29ff9583b4a783bf7f0c4e5919
                                      • Instruction ID: cdb8e8804f02b2015fb6f8c65673943334456e3295ad3209884e0e633fabf7d5
                                      • Opcode Fuzzy Hash: 22e11abcdeb220700e5db4cf34468e2b8a9bdf29ff9583b4a783bf7f0c4e5919
                                      • Instruction Fuzzy Hash: 3961B172500B44DFDB249F64C989B9E7FF8EF00704F102129E952AB285D7B5DD84CB50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00DF2C6A
                                      • _wcslen.LIBCMT ref: 00DF2D30
                                      • _wcslen.LIBCMT ref: 00DF2F94
                                      • CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000002,00000080,00000000,00000114,00DF3274,?,?,?,?,?,00000028,00DF31AB), ref: 00DF2C9D
                                        • Part of subcall function 00DE9840: FindCloseChangeNotification.KERNELBASE(00000000,00000000,00DF23C6,?,00000000,?,00DF25D9,000000FF,?), ref: 00DE9854
                                        • Part of subcall function 00DF3168: _wcslen.LIBCMT ref: 00DF3178
                                        • Part of subcall function 00DF3168: WriteFile.KERNELBASE(?,?,00000000,?,00000000,?,?,00DF2D0F,00000000,?,?,00000000,?,00DF1D2C,?,00000000), ref: 00DF318A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: _wcslen$File$ChangeCloseCreateFindH_prolog3_NotificationWrite
                                      • String ID: ]
                                      • API String ID: 1316776913-3462329250
                                      • Opcode ID: fb9c7118fa25421f74f60c523b9178b2117f86b0cbaeb9a33f4f0d00544d2820
                                      • Instruction ID: 43904d40b155c3c8c7b40c5aea65f5edff6cb86125a468bed9e4e8dd74192a48
                                      • Opcode Fuzzy Hash: fb9c7118fa25421f74f60c523b9178b2117f86b0cbaeb9a33f4f0d00544d2820
                                      • Instruction Fuzzy Hash: 1AA13C7180029C9ADB15EBA4C882BEDBBB4AF15304F1584E9E289B7191DBB05F85CB71
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E359E6
                                      • CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000,0000004C,00E3576E,?,?,Hg,?), ref: 00E35A29
                                      • GetLastError.KERNEL32 ref: 00E35A36
                                      • CloseHandle.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 00E35ABB
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: CloseCreateErrorFileH_prolog3_HandleLast
                                      • String ID: Hg
                                      • API String ID: 3060235777-2086912500
                                      • Opcode ID: 9a3041ab094f06a135d30e63709e5dcb0ea796f6931a392d300474185443e0ce
                                      • Instruction ID: 7049c4bee594c602b822fd9bafaa2a3a4bc8ccd14805f6769236e4588c0a67dd
                                      • Opcode Fuzzy Hash: 9a3041ab094f06a135d30e63709e5dcb0ea796f6931a392d300474185443e0ce
                                      • Instruction Fuzzy Hash: 29416D72A01A58DFDB24DFA4C889BADBBB5FF44314F105619E812BB380DB74AD41DB60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E3857B
                                      • GetDriveTypeW.KERNELBASE(-00000004,?,00000000,0000004C,00E271BC,00000000,Hg,?,00000000,00000000,?,00000000,00000000,unc,00000000,00000000), ref: 00E385BD
                                      • WNetGetUniversalNameW.MPR(?,00000001,00000000,?), ref: 00E38627
                                      • WNetGetUniversalNameW.MPR(?,00000001,00000000,?), ref: 00E38666
                                      • _wcslen.LIBCMT ref: 00E38682
                                        • Part of subcall function 00DF440B: __EH_prolog3_GS.LIBCMT ref: 00DF4412
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: H_prolog3_NameUniversal$DriveType_wcslen
                                      • String ID:
                                      • API String ID: 3241392451-0
                                      • Opcode ID: a3147153167e44ffcc147ff2a3d92debad91d3215a2034632983abd2bec5755c
                                      • Instruction ID: a311f398ba7283dc05d66e7788b3ee0db9855c884e6852518332b58a5d4ca2c7
                                      • Opcode Fuzzy Hash: a3147153167e44ffcc147ff2a3d92debad91d3215a2034632983abd2bec5755c
                                      • Instruction Fuzzy Hash: 03419D71D00304AFDB24DFA8C98AB9DBBF4EF45324F141129F515BB282DBB49942CB60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • WriteFile.KERNELBASE(?,?,00004000,?,00000000), ref: 00DE95EC
                                      • FlushFileBuffers.KERNEL32(?), ref: 00DE968C
                                      • SetFileTime.KERNELBASE(?,?,00000008,?), ref: 00DE96AA
                                      • GetLastError.KERNEL32 ref: 00DE96C2
                                      • GetLastError.KERNEL32 ref: 00DE97BC
                                      • FindCloseChangeNotification.KERNELBASE ref: 00DE97D3
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: File$ErrorLast$BuffersChangeCloseFindFlushNotificationTimeWrite
                                      • String ID:
                                      • API String ID: 3106738900-0
                                      • Opcode ID: c24846fe1f78243df6e598e9e6785ed9b7495f7034e365dc303ec5784c84b755
                                      • Instruction ID: 5a6471f70ded6ee3dddf9c4cb7e240118317261956a3e5298b42daff1bc564a3
                                      • Opcode Fuzzy Hash: c24846fe1f78243df6e598e9e6785ed9b7495f7034e365dc303ec5784c84b755
                                      • Instruction Fuzzy Hash: 98416FB1A015188ADF70EF26CC98BADB379BB44314F0885EAD54DA6190DF349E8DCF60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • WriteFile.KERNELBASE(?,?,00004000,?,00000000), ref: 00DE95EC
                                      • FlushFileBuffers.KERNEL32(?), ref: 00DE968C
                                      • SetFileTime.KERNELBASE(?,?,00000008,?), ref: 00DE96AA
                                      • GetLastError.KERNEL32 ref: 00DE96C2
                                      • GetLastError.KERNEL32 ref: 00DE97BC
                                      • FindCloseChangeNotification.KERNELBASE ref: 00DE97D3
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: File$ErrorLast$BuffersChangeCloseFindFlushNotificationTimeWrite
                                      • String ID:
                                      • API String ID: 3106738900-0
                                      • Opcode ID: 2813074e5377b587d163cb83cf99431910431ff8c50c4e93ea82053255a49f79
                                      • Instruction ID: 13e0e87bd34f5173ffbbda24e0b5ec7e7dee318dbc67f01a3b55476853a79af8
                                      • Opcode Fuzzy Hash: 2813074e5377b587d163cb83cf99431910431ff8c50c4e93ea82053255a49f79
                                      • Instruction Fuzzy Hash: 40416071A015588ADB70AF26CC98BADB379BB44318F1881AAD55D96190DF305E8DCF60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Strings
                                      Similarity
                                      • API ID: H_prolog3_
                                      • String ID: Hg$Pg
                                      • API String ID: 2427045233-3911212948
                                      • Opcode ID: e972c541434aeb786a309b4eed2c39c34b2a7bc178bb796fa71743a5ad0f3fc5
                                      • Instruction ID: 884177c926662c655f9f73a67d83083355a7994630377003f9d258a80cad8e24
                                      • Opcode Fuzzy Hash: e972c541434aeb786a309b4eed2c39c34b2a7bc178bb796fa71743a5ad0f3fc5
                                      • Instruction Fuzzy Hash: 68113D7080429CEEDF21EBE1DC59BEDBBB4EF11308F54829AE101A3192D7715A49CB71
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • SetFilePointer.KERNELBASE(00DF65EC,00000000,?,00000000,?,?,?,?,?,00E35A58,00000000,?,00000000,00000000), ref: 00E365CC
                                      • GetLastError.KERNEL32(?,?,?,?,?,00E35A58,00000000,?,00000000,00000000), ref: 00E365D4
                                      Strings
                                      Similarity
                                      • API ID: ErrorFileLastPointer
                                      • String ID: Hg
                                      • API String ID: 2976181284-2086912500
                                      • Opcode ID: 50802b2eeb8476f4ab68a188b0113e6883dcd7181f914858d79647473ea66003
                                      • Instruction ID: 5ce112f456b63c33ab89fe94a0e20b72b6a76f3d7987b6469aa5d31b7fc67de3
                                      • Opcode Fuzzy Hash: 50802b2eeb8476f4ab68a188b0113e6883dcd7181f914858d79647473ea66003
                                      • Instruction Fuzzy Hash: 4AF0F8B6A00518BFCB108F65DD088EA7FE9EB85364B108535F925E3254D670DD10DBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE10B7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$IS_BBRD_LOOP_BILLBOARDS
                                      • API String ID: 3502553090-1006699862
                                      • Opcode ID: ea8aeb0e4b3d969dc490e782403e0c548d4d9c716feddd2ab0675c9829eb5358
                                      • Instruction ID: 06eb6cd3fb241cd7ac7f8c9fb89782656d0b200dee5abb7ae9932f0a02a3b3c8
                                      • Opcode Fuzzy Hash: ea8aeb0e4b3d969dc490e782403e0c548d4d9c716feddd2ab0675c9829eb5358
                                      • Instruction Fuzzy Hash: 40D0A7307903057AC614B3A0680BF4DA9689B40710F902259B399BA2C38FE04600C339
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • SetLastError.KERNEL32(00000057), ref: 00E364B0
                                      • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 00E364DE
                                      • _strlen.LIBCMT ref: 00E36507
                                      Similarity
                                      • API ID: ErrorFileLastRead_strlen
                                      • String ID:
                                      • API String ID: 3544417406-0
                                      • Opcode ID: 7fe58343c97c037036625d7432b95d7bf7988fb4d4a355e870596a0fd7d0b8da
                                      • Instruction ID: b4e014c17d47769127f41ce84d8c9db590bdfbc612dd0900ebdd810d61b4b517
                                      • Opcode Fuzzy Hash: 7fe58343c97c037036625d7432b95d7bf7988fb4d4a355e870596a0fd7d0b8da
                                      • Instruction Fuzzy Hash: 31318176A00605BFDB10DF78CC89AAABBB5FF44354F148928E855A7344D731ED50CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                      • SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast
                                      • String ID: Pg
                                      • API String ID: 1452528299-754130359
                                      • Opcode ID: 9ff91cf907e8c180e789fa855ce28049f55134068eff50b27b1f3ce4846814e2
                                      • Instruction ID: abb98f0aff2d8a7b6d87b4cbf01271e10d1bc828bca0a6f9c89493021aefa6ce
                                      • Opcode Fuzzy Hash: 9ff91cf907e8c180e789fa855ce28049f55134068eff50b27b1f3ce4846814e2
                                      • Instruction Fuzzy Hash: EC213875904A06EFC700CF59C949B5ABBF8FB58318F14822AE81897B50EB74E954CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Similarity
                                      • API ID:
                                      • String ID: map/set too long
                                      • API String ID: 0-558153379
                                      • Opcode ID: 15f397d04d024cb40e21177ad1aafa4f31a5ebb00d8b03ffe2eb739ffe48df3c
                                      • Instruction ID: 6a94f2ce5b5dfb9d4e353a7c4eefacfa90bef1834e053a32af40be16c48e55bd
                                      • Opcode Fuzzy Hash: 15f397d04d024cb40e21177ad1aafa4f31a5ebb00d8b03ffe2eb739ffe48df3c
                                      • Instruction Fuzzy Hash: 71014932400708ABCB18FB28E817E9E77E8EF40301F51492DF419D3592DB70EA09C3A0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • ReadFile.KERNELBASE(00DF85E6,?,00000400,?,00000000,00000000), ref: 00DF2216
                                      • SetFilePointer.KERNELBASE(00DF85E6,00000000,00000000,00000000,00000000), ref: 00DF2244
                                      Similarity
                                      • API ID: File$PointerRead
                                      • String ID:
                                      • API String ID: 3154509469-0
                                      • Opcode ID: c1e16560c6ed9a96854845ad5821b72bbb00f4ea4e56c1a3006bd670abd30c91
                                      • Instruction ID: 231c26543542b5e0cccd94ed7fa96f5398d96e99206d886ba519fc06befb28f8
                                      • Opcode Fuzzy Hash: c1e16560c6ed9a96854845ad5821b72bbb00f4ea4e56c1a3006bd670abd30c91
                                      • Instruction Fuzzy Hash: 3701D6B19412286EDB109B609D45BFD77E8EB09700F5400A9AB41FB181CE705E898B68
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetFileAttributesW.KERNELBASE(?,?,?,00E359AD,?,00000000,?,?,?,00E36924,00000000,Hg,00000000,?,?,?), ref: 00E35647
                                      • SetFileAttributesW.KERNEL32(?,00000000,?,00E359AD,?,00000000,?,?,?,00E36924,00000000,Hg,00000000,?,?,?), ref: 00E35667
                                      Similarity
                                      • API ID: AttributesFile
                                      • String ID:
                                      • API String ID: 3188754299-0
                                      • Opcode ID: 714f87c16d3adbf90cda8fdfd0be5cfc63c41fc2ada55e57dc8a23739ddc3046
                                      • Instruction ID: 9c0716afe747efc59fb0265c1f1e965bca8454c6da5b9a7ba537c7f700a1eb2e
                                      • Opcode Fuzzy Hash: 714f87c16d3adbf90cda8fdfd0be5cfc63c41fc2ada55e57dc8a23739ddc3046
                                      • Instruction Fuzzy Hash: EBE092B3401E149BCA204B1CDD4D9517BA9EF0673DB8A1716F896B72A1D730AC15CBE4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • _wcslen.LIBCMT ref: 00DF3178
                                      • WriteFile.KERNELBASE(?,?,00000000,?,00000000,?,?,00DF2D0F,00000000,?,?,00000000,?,00DF1D2C,?,00000000), ref: 00DF318A
                                      Similarity
                                      • API ID: FileWrite_wcslen
                                      • String ID:
                                      • API String ID: 1897463218-0
                                      • Opcode ID: cc36510d3ba958182c2a3c594f4ccbf9f401e174e3e6d5fd2b2e4e1d90b73721
                                      • Instruction ID: 207ce1a4a8ac4f3624635ea6a23b3c709c436dc1f381eba2dda25a6b9d858698
                                      • Opcode Fuzzy Hash: cc36510d3ba958182c2a3c594f4ccbf9f401e174e3e6d5fd2b2e4e1d90b73721
                                      • Instruction Fuzzy Hash: 9BD0C232000618BFCB101F45EC05EEA7BACEF013A1F044415FC0466010C770AE24CBF4
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E35E62
                                        • Part of subcall function 00E35237: __EH_prolog3.LIBCMT ref: 00E3523E
                                      Similarity
                                      • API ID: H_prolog3H_prolog3_
                                      • String ID:
                                      • API String ID: 3355343447-0
                                      • Opcode ID: 52f79da26c80609592a0957f436a33dd7c085bcabb74842c30f09b35b1c1bba4
                                      • Instruction ID: b839ed540e5f2718165637a5c060365e4864dc859cee1eb28f82b0c7a86f1307
                                      • Opcode Fuzzy Hash: 52f79da26c80609592a0957f436a33dd7c085bcabb74842c30f09b35b1c1bba4
                                      • Instruction Fuzzy Hash: EE21C771A01644EADF15EBB1CA4A7AEBFF5AF00310F20516DA446B7292DB746F04DB10
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • SysAllocStringLen.OLEAUT32(00000000,00DE8AAA), ref: 00DE921F
                                      Similarity
                                      • API ID: AllocString
                                      • String ID:
                                      • API String ID: 2525500382-0
                                      • Opcode ID: 37304de4e1b35f19def4038911099f997ad31d3f27c1f0427e4c3266bcd32a6f
                                      • Instruction ID: fca30dc966b04bee3908515c487b1fea1835c018114dffc6941b4401f6030b06
                                      • Opcode Fuzzy Hash: 37304de4e1b35f19def4038911099f997ad31d3f27c1f0427e4c3266bcd32a6f
                                      • Instruction Fuzzy Hash: F311E972801214AFC720AF55D88499AB7E8EB95365F2002ABFD1997251D671DD0487E1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                        • Part of subcall function 00E61893: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00E6052A,00000001,00000364,?,00E51FA0,00DE8AAB,00DE8AA9,00DE8AA9,00000000,?,00E395A5,00E396AE), ref: 00E618D4
                                      • _free.LIBCMT ref: 00E63055
                                      Similarity
                                      • API ID: AllocateHeap_free
                                      • String ID:
                                      • API String ID: 614378929-0
                                      • Opcode ID: be3aa811dcd6f74e17363744198bf72537ce63527144c982611eb90d6482dc34
                                      • Instruction ID: 3ec38d86742cd157ab36b22187661c295639b7fb6ebf1e22d4a5b0a4188a8aaa
                                      • Opcode Fuzzy Hash: be3aa811dcd6f74e17363744198bf72537ce63527144c982611eb90d6482dc34
                                      • Instruction Fuzzy Hash: D8014E72640345ABE331CF65D845959FBD9EBC5370F250A2DE684532C0E630A909C774
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000001,00000000,00000000,?,00000000,?,00DF25D9,000000FF,?), ref: 00DF23AE
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: CreateFile
                                      • String ID:
                                      • API String ID: 823142352-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00E6052A,00000001,00000364,?,00E51FA0,00DE8AAB,00DE8AA9,00DE8AA9,00000000,?,00E395A5,00E396AE), ref: 00E618D4
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: AllocateHeap
                                      • String ID:
                                      • API String ID: 1279760036-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • CompareStringA.KERNELBASE(00000400,00000001,?,00000008,00000008,000000FF,?,00000000,?,?,00E35B96,.debug,?,?,00E35D7F,?), ref: 00E35E0C
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: CompareString
                                      • String ID:
                                      • API String ID: 1825529933-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00DF3227
                                        • Part of subcall function 00DF0563: __EH_prolog3.LIBCMT ref: 00DF056A
                                        • Part of subcall function 00DF225C: _wcslen.LIBCMT ref: 00DF2265
                                        • Part of subcall function 00DF2FCC: __EH_prolog3_GS.LIBCMT ref: 00DF2FD3
                                        • Part of subcall function 00DF2C60: __EH_prolog3_GS.LIBCMT ref: 00DF2C6A
                                        • Part of subcall function 00DF2C60: CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000002,00000080,00000000,00000114,00DF3274,?,?,?,?,?,00000028,00DF31AB), ref: 00DF2C9D
                                        • Part of subcall function 00DF2C60: _wcslen.LIBCMT ref: 00DF2D30
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: H_prolog3_$_wcslen$CreateFileH_prolog3
                                      • String ID:
                                      • API String ID: 711919037-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • RtlAllocateHeap.NTDLL(00000000,00E396AE,00DE8AA9,?,00E51FA0,00DE8AAB,00DE8AA9,00DE8AA9,00000000,?,00E395A5,00E396AE,00DE8AAD,00DE8AA9,00DE8AA9,00DE8AA9), ref: 00E5FBB1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: AllocateHeap
                                      • String ID:
                                      • API String ID: 1279760036-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • _wcslen.LIBCMT ref: 00DF2265
                                        • Part of subcall function 00DF25A3: __EH_prolog3_GS.LIBCMT ref: 00DF25AD
                                        • Part of subcall function 00DF25A3: FindCloseChangeNotification.KERNELBASE(000000FF,000000FF,?), ref: 00DF2C4B
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ChangeCloseFindH_prolog3_Notification_wcslen
                                      • String ID:
                                      • API String ID: 1568535130-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: H_prolog3
                                      • String ID:
                                      • API String ID: 431132790-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00DF3B92
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: Concurrency::cancel_current_task
                                      • String ID:
                                      • API String ID: 118556049-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • FindCloseChangeNotification.KERNELBASE(00000000,00000000,00DF23C6,?,00000000,?,00DF25D9,000000FF,?), ref: 00DE9854
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ChangeCloseFindNotification
                                      • String ID:
                                      • API String ID: 2591292051-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • SetFilePointer.KERNELBASE(?,00000000,00000000,00000001,?,00E35EA5,?,00000078,00E354CA,00000000,?,?,?,?,?), ref: 00E365A2
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: FilePointer
                                      • String ID:
                                      • API String ID: 973152223-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • FindCloseChangeNotification.KERNELBASE(00000000,?,00E434D4,?,00000000,?,?,?,?,?,00E4343A), ref: 00E4359F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ChangeCloseFindNotification
                                      • String ID:
                                      • API String ID: 2591292051-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00DF6ACB
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                        • Part of subcall function 00DF678B: __EH_prolog3_GS.LIBCMT ref: 00DF6795
                                        • Part of subcall function 00DF678B: _wcslen.LIBCMT ref: 00DF67B7
                                        • Part of subcall function 00DF678B: _wcslen.LIBCMT ref: 00DF67EC
                                        • Part of subcall function 00DF678B: SysStringLen.OLEAUT32(?), ref: 00DF68BB
                                        • Part of subcall function 00DF678B: SysFreeString.OLEAUT32(?), ref: 00DF68CA
                                      • _wcslen.LIBCMT ref: 00DF6E4C
                                        • Part of subcall function 00DE8130: SysAllocStringLen.OLEAUT32(00000000,?), ref: 00DE81BE
                                        • Part of subcall function 00DE8130: SysFreeString.OLEAUT32(?), ref: 00DE81EE
                                        • Part of subcall function 00DF678B: SysFreeString.OLEAUT32(?), ref: 00DF690F
                                      • _wcslen.LIBCMT ref: 00DF6CB1
                                        • Part of subcall function 00DF9801: __EH_prolog3_GS.LIBCMT ref: 00DF9808
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      • _wcslen.LIBCMT ref: 00DF6FDC
                                        • Part of subcall function 00DF3EFA: SysFreeString.OLEAUT32(00000000), ref: 00DF3F09
                                        • Part of subcall function 00DF40BE: SysStringLen.OLEAUT32(?), ref: 00DF40C7
                                        • Part of subcall function 00DF40BE: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 00DF40E2
                                      • _wcslen.LIBCMT ref: 00DF7060
                                      • _wcslen.LIBCMT ref: 00DF70EA
                                      • _wcslen.LIBCMT ref: 00DF7174
                                      • _wcslen.LIBCMT ref: 00DF71FB
                                        • Part of subcall function 00DF5DF3: _wcslen.LIBCMT ref: 00DF5E2D
                                        • Part of subcall function 00DF84B6: __EH_prolog3.LIBCMT ref: 00DF84BD
                                        • Part of subcall function 00DF070A: __EH_prolog3.LIBCMT ref: 00DF0711
                                        • Part of subcall function 00DF070A: GetLastError.KERNEL32(00000004,00DE4709,00E965D4,?,00000000), ref: 00DF0733
                                        • Part of subcall function 00DF070A: SetLastError.KERNEL32(?,?,?), ref: 00DF0774
                                        • Part of subcall function 00DF5D4D: SysFreeString.OLEAUT32(?), ref: 00DF5D9D
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: String$_wcslen$Free$ErrorLast$H_prolog3_$AllocH_prolog3
                                      • String ID: $#$Hg$IS_OriginalLauncher:$IS_temp$Pg$auto$clone_wait$delayedstart:$extract_all:$hide_progress$hide_splash$hide_usd$installfromweb:$media_path:$no_deleter$no_engine$no_selfdeleter$package:$reboot$runfromtemp$show_beta_msg$show_err_dlg$show_err_msg$show_err_msg_invalid_identity$show_eval_msg$tempdisk1folder:
                                      • API String ID: 928756638-2206204150
                                      • Opcode ID: 88a88d667571196834cd9fdba15b3cedf106f420a9ba3176a46cdae2ec678eae
                                      • Instruction ID: 952de386757b12346f0cf91ce32588304a1948a7af7154a54cd4bc076123ce11
                                      • Opcode Fuzzy Hash: 88a88d667571196834cd9fdba15b3cedf106f420a9ba3176a46cdae2ec678eae
                                      • Instruction Fuzzy Hash: 63429C7090626CADDB20EB64CD51BEEBBB8EF12304F158198E549B7182DBB05F49CB71
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E0F0DA
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                        • Part of subcall function 00DF0809: __EH_prolog3.LIBCMT ref: 00DF0810
                                      • CoCreateGuid.OLE32(?,?,00000000,?,00000001), ref: 00E0F15E
                                        • Part of subcall function 00E0A8A0: __EH_prolog3.LIBCMT ref: 00E0A8A7
                                        • Part of subcall function 00DFBA06: __EH_prolog3.LIBCMT ref: 00DFBA0D
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      • CreateDirectoryW.KERNEL32(?,00000000,?,00000000), ref: 00E0F1CA
                                        • Part of subcall function 00DF56A6: __EH_prolog3_catch.LIBCMT ref: 00DF56AD
                                        • Part of subcall function 00DF40BE: SysStringLen.OLEAUT32(?), ref: 00DF40C7
                                        • Part of subcall function 00DF40BE: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 00DF40E2
                                      • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000104,?), ref: 00E0F524
                                      • GetPrivateProfileStringW.KERNEL32(-00000004,?,00E965D4,?,00000104,?), ref: 00E0F411
                                        • Part of subcall function 00E3554E: CloseHandle.KERNEL32(?,7B1078F4,?,00EB9530,00000000,?,?,00000000,00E7FD96,000000FF,?,00E36A08,?,?,00E965D4,?), ref: 00E355D0
                                        • Part of subcall function 00DF4F29: __EH_prolog3.LIBCMT ref: 00DF4F30
                                      Strings
                                      Similarity
                                      • API ID: String$ErrorH_prolog3Last$Create$DirectoryFree$AllocCloseGuidH_prolog3_H_prolog3_catchHandlePrivateProfile
                                      • String ID: ($0$C:\CodeBases\isdev\Src\Runtime\MSI\Shared\Setup\msiaction.cpp$Could not extract isconfig.ini from current issetup.dll$Extracting resources for '%s' to '%s'$Hg$Hg$Hg$Hg$Hg$Hg$I$ISConfig.ini for current issetup.dll does not contain TempPathGuid.$IsConfig.ini$Pg$Pg$Pg$Pg$Pg$Pg$Pg$SetupDefaults$TempPathGuid
                                      • API String ID: 1183203974-1784687437
                                      • Opcode ID: e3652e214125e3b0583e0ea20e0f8ed36faf9b5a8c2b33b6f9b2a4c57c52e0a0
                                      • Instruction ID: cc279fafff9b79ef77dd228f1199b2e18e0a4fa73d1ed262279a949e372f556a
                                      • Opcode Fuzzy Hash: e3652e214125e3b0583e0ea20e0f8ed36faf9b5a8c2b33b6f9b2a4c57c52e0a0
                                      • Instruction Fuzzy Hash: DF021B7180126CDEDB21EBA4CD99BDEBBB8AF15304F5441DAE049B3181DB705B88DF61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetDlgItem.USER32(?,0000040B), ref: 00E02236
                                      • GetDlgItem.USER32(0000012D), ref: 00E0224D
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                        • Part of subcall function 00E034E7: __EH_prolog3_GS.LIBCMT ref: 00E034F1
                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000400,000000FF), ref: 00E022B2
                                        • Part of subcall function 00DFF3E3: __EH_prolog3_GS.LIBCMT ref: 00DFF3EA
                                        • Part of subcall function 00DFF35F: __EH_prolog3_GS.LIBCMT ref: 00DFF366
                                        • Part of subcall function 00DFF35F: _wcslen.LIBCMT ref: 00DFF390
                                      • _wcslen.LIBCMT ref: 00E02343
                                      • ShellExecuteExW.SHELL32(?), ref: 00E02505
                                      • WaitForInputIdle.USER32(?,00002710), ref: 00E0251A
                                      • ShowWindow.USER32(00000000,00000000), ref: 00E0252C
                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00E0253A
                                      • GetExitCodeProcess.KERNEL32(?,?), ref: 00E0254D
                                      • CloseHandle.KERNEL32(?), ref: 00E02559
                                      Strings
                                      Similarity
                                      • API ID: H_prolog3_$ErrorItemLastWait_wcslen$CloseCodeExecuteExitFileHandleIdleInputModuleNameObjectProcessShellShowSingleWindow
                                      • String ID: /debuglog"$ /runprerequisites"$C:\CodeBases\isdev\Src\Runtime\Shared\Setup\IsPreReqDlg.cpp$Hg$Hg$Pg$Pg$Prerequisites need elevation; launching elevated with arguments: %s$runas
                                      • API String ID: 3895803499-2817696199
                                      • Opcode ID: 6721f5ab3eae677ebdb1dcf06826cc29f83c3b9f3238e91f09c1015470925443
                                      • Instruction ID: 59a61a81fa97915a8bfcecfb87d2a1a2f7ff03bf080734e8b3c5f6552a98ce4b
                                      • Opcode Fuzzy Hash: 6721f5ab3eae677ebdb1dcf06826cc29f83c3b9f3238e91f09c1015470925443
                                      • Instruction Fuzzy Hash: 32C14871901258DFDB21EB64DC49B9DB7F8BB04304F1481DAE549B7292DB70AB88CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E154AF
                                      • GetTempPathW.KERNEL32(00000400,?), ref: 00E154DA
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      • FindFirstFileW.KERNEL32(?,?,?,?,?,?,?), ref: 00E1558C
                                      • CompareFileTime.KERNEL32(?,?,?,?,?,?,?), ref: 00E155AC
                                      • DeleteFileW.KERNEL32(?,?), ref: 00E15656
                                      • FindNextFileW.KERNEL32(00000000,?,?,?,?,?,?), ref: 00E15673
                                      • FindClose.KERNEL32(00000000,?,?,?,?,?), ref: 00E15694
                                      Strings
                                      Similarity
                                      • API ID: ErrorFileLast$Find$FreeString$CloseCompareDeleteFirstH_prolog3_NextPathTempTime
                                      • String ID: *.mst$Hg$Hg$Hg$Pg$Pg$Pg
                                      • API String ID: 3113424961-810930242
                                      • Opcode ID: 3d5247736a4d9292b32962a0b3e6ee314623f62717d34ce66d995a8454a40dda
                                      • Instruction ID: 9499aa2e72bcb75d26590511f45636993e9739daaa8c657c98fd62686893acb6
                                      • Opcode Fuzzy Hash: 3d5247736a4d9292b32962a0b3e6ee314623f62717d34ce66d995a8454a40dda
                                      • Instruction Fuzzy Hash: 69514D71900269DACB20EB50CC89BDEB7F8BF51304F5082E6E199B2190DF705B88CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E38018
                                        • Part of subcall function 00DF070A: __EH_prolog3.LIBCMT ref: 00DF0711
                                        • Part of subcall function 00DF070A: GetLastError.KERNEL32(00000004,00DE4709,00E965D4,?,00000000), ref: 00DF0733
                                        • Part of subcall function 00DF070A: SetLastError.KERNEL32(?,?,?), ref: 00DF0774
                                        • Part of subcall function 00E3D5CA: __EH_prolog3_GS.LIBCMT ref: 00E3D5D1
                                      • LoadLibraryW.KERNEL32(-00000004,COMCTL32,?,00000000,00000074,00E27D47,?,00000001), ref: 00E38064
                                      • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 00E38091
                                      • #17.COMCTL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,0000002C,00000000), ref: 00E380BB
                                      Strings
                                      Similarity
                                      • API ID: ErrorH_prolog3_Last$AddressH_prolog3LibraryLoadProc
                                      • String ID: $COMCTL32$Hg$InitCommonControlsEx$Pg
                                      • API String ID: 1828785207-966073769
                                      • Opcode ID: d22304c837032f172b3b64b32b2207f16188ffcc8030d02753b633935db6ecbb
                                      • Instruction ID: c66877d923e376974a9de94761f6aeb2d3916806d102e532d4c04ec4eac60f7f
                                      • Opcode Fuzzy Hash: d22304c837032f172b3b64b32b2207f16188ffcc8030d02753b633935db6ecbb
                                      • Instruction Fuzzy Hash: 82115971805618DFDB14EBA4D95AB9DBBB4BF04304F600259E005B7292DBB49A09CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetCurrentProcess.KERNEL32(?,?,?,?,?,-00000004,Type,?,?,?,00000000), ref: 00E3F2D9
                                      • OpenProcessToken.ADVAPI32(00000000,00000028,?,?,?,?,?,?,-00000004,Type,?,?,?,00000000), ref: 00E3F2E6
                                      • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00E3F2FD
                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00E3F328
                                      • ExitWindowsEx.USER32(00000002,0000FFFF), ref: 00E3F336
                                      Strings
                                      Similarity
                                      • API ID: ProcessToken$AdjustCurrentExitLookupOpenPrivilegePrivilegesValueWindows
                                      • String ID: SeShutdownPrivilege
                                      • API String ID: 1314775590-3733053543
                                      • Opcode ID: 9736a9f6c16deed06d222b195102bfa6572c1637b9a045d6fc8975d6d34005ba
                                      • Instruction ID: cf3cb1a095f36fcb822eac9a2cb800f4553e8f663496c3cfa327e0208a05a0ca
                                      • Opcode Fuzzy Hash: 9736a9f6c16deed06d222b195102bfa6572c1637b9a045d6fc8975d6d34005ba
                                      • Instruction Fuzzy Hash: 6C012971E01229AFDF109FA6DD4EAEFBFB8EF09704F500119E505B6291CB749908CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E2C763
                                      • FindFirstFileW.KERNEL32(00000000,?,00000258,00E2C11F,7B1078F4,?,?,?,?,00E70964,000000FF), ref: 00E2C794
                                      • GetFileAttributesW.KERNEL32(00000000,?,?,?,?,00E70964,000000FF), ref: 00E2C7B8
                                      • SetFileAttributesW.KERNEL32(00000000,00000000,?,?,?,?,00E70964,000000FF), ref: 00E2C7C3
                                      • DeleteFileW.KERNEL32(00000000,?,?,?,?,00E70964,000000FF), ref: 00E2C7D2
                                      • FindClose.KERNEL32(?,?,?,?,?,00E70964,000000FF), ref: 00E2C7EB
                                      Similarity
                                      • API ID: File$AttributesFind$CloseDeleteFirstH_prolog3_
                                      • String ID:
                                      • API String ID: 4163061756-0
                                      • Opcode ID: ed931af03a78b57bfde874eea5921951a2866b87ccb0cc0af9fe4e7f94dfe929
                                      • Instruction ID: c3630f3d3ed6c9c09555a554db7b770b9530f814e3797b22a5a925199c9f105d
                                      • Opcode Fuzzy Hash: ed931af03a78b57bfde874eea5921951a2866b87ccb0cc0af9fe4e7f94dfe929
                                      • Instruction Fuzzy Hash: 2E118C31402A259FC7149B68ED8C65CB7B5BF45339F741349E079B61E0CB709985CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Similarity
                                      • API ID:
                                      • String ID: S$S
                                      • API String ID: 0-243693543
                                      • Opcode ID: 958b551c256bf0be6885a8eb9f84cf2be1619a86d64d7a1e9b5422ee85b1e36f
                                      • Instruction ID: c3b00d641cda0b738f7f5e0504d2e4dec971cf3e0031b86c46bcb294dd86ba21
                                      • Opcode Fuzzy Hash: 958b551c256bf0be6885a8eb9f84cf2be1619a86d64d7a1e9b5422ee85b1e36f
                                      • Instruction Fuzzy Hash: AF023B71E002199BDF18CFA9C8806AEF7F6FF48315F259569D819F7241E730AA45CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E3E983
                                      • LoadResource.KERNEL32(?,?,00000038,00E3EAD4,?,?,?,?,?,?,00DFC437,?,?,?,?,?), ref: 00E3E99A
                                        • Part of subcall function 00DF0788: __EH_prolog3.LIBCMT ref: 00DF078F
                                        • Part of subcall function 00DF0788: GetLastError.KERNEL32(00000004,00DF0A27,00000000,000000FF,00000000,00000000,00000004,00DF3EA9,000000FF,00000000,?,00000001,00000048,00DF3D63,?,000000FF), ref: 00DF07B1
                                        • Part of subcall function 00DF0788: SetLastError.KERNEL32(00000000,00000000,000000FF,00000000), ref: 00DF07F5
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$FreeString$H_prolog3H_prolog3_LoadResource
                                      • String ID: Hg$Pg
                                      • API String ID: 1199350627-3911212948
                                      • Opcode ID: aad79a9f1cba2515f6ea1e94c25c94663f0402039dd9c367f329bff5d5f6f2a8
                                      • Instruction ID: eb1ba8b55c13ce385038c4de5e7f741535bcc0004bd6df6cbc9263314c121bc9
                                      • Opcode Fuzzy Hash: aad79a9f1cba2515f6ea1e94c25c94663f0402039dd9c367f329bff5d5f6f2a8
                                      • Instruction Fuzzy Hash: 8311C0715002199BCF58EF50C85ABEE77B9EF84304F106499E806F7291DF30D905DB60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00E3A81C
                                      • IsDebuggerPresent.KERNEL32 ref: 00E3A8E8
                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00E3A908
                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 00E3A912
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                      • String ID:
                                      • API String ID: 254469556-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                        • Part of subcall function 00E454D4: CryptAcquireContextW.ADVAPI32(00000008,?,00000000,00000001,00000010,00000000,?,00000100,?,?,00E451B6,00000000,00000000,00E11E0D,-00000004,00000002), ref: 00E454F0
                                        • Part of subcall function 00E454D4: CryptReleaseContext.ADVAPI32(?,00000000,?,00E451B6,00000000,00000000,00E11E0D,-00000004,00000002,?,00008004,00000000,00000000), ref: 00E454F9
                                        • Part of subcall function 00E454D4: CryptDestroyHash.ADVAPI32(?,?,00E451B6,00000000,00000000,00E11E0D,-00000004,00000002,?,00008004,00000000,00000000), ref: 00E45502
                                      • CoCreateGuid.OLE32(?), ref: 00E45478
                                      • StringFromGUID2.OLE32(?,?,00000028), ref: 00E45488
                                      • CryptAcquireContextW.ADVAPI32(?,?,?,00000001,00000008), ref: 00E454A7
                                      • CryptCreateHash.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000001,00000008), ref: 00E454BD
                                      Similarity
                                      • API ID: Crypt$Context$AcquireCreateHash$DestroyFromGuidReleaseString
                                      • String ID:
                                      • API String ID: 2686072350-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00E396AE), ref: 00E568F1
                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00E396AE), ref: 00E568FB
                                      • UnhandledExceptionFilter.KERNEL32(00DE8781,?,?,?,?,?,00E396AE), ref: 00E56908
                                      Similarity
                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                      • String ID:
                                      • API String ID: 3906539128-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLocaleInfoW.KERNEL32(?,00001004,?,00000014), ref: 00E042E9
                                      • TranslateCharsetInfo.GDI32(00000000,?,00000002), ref: 00E04304
                                      • IsValidLocale.KERNEL32(?,00000001), ref: 00E04332
                                      Similarity
                                      • API ID: InfoLocale$CharsetTranslateValid
                                      • String ID:
                                      • API String ID: 1865635962-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • CryptAcquireContextW.ADVAPI32(00000008,?,00000000,00000001,00000010,00000000,?,00000100,?,?,00E451B6,00000000,00000000,00E11E0D,-00000004,00000002), ref: 00E454F0
                                      • CryptReleaseContext.ADVAPI32(?,00000000,?,00E451B6,00000000,00000000,00E11E0D,-00000004,00000002,?,00008004,00000000,00000000), ref: 00E454F9
                                      • CryptDestroyHash.ADVAPI32(?,?,00E451B6,00000000,00000000,00E11E0D,-00000004,00000002,?,00008004,00000000,00000000), ref: 00E45502
                                      Similarity
                                      • API ID: Crypt$Context$AcquireDestroyHashRelease
                                      • String ID:
                                      • API String ID: 2937476097-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00E68777,?,?,00000008,?,?,00E68417,00000000), ref: 00E689A9
                                      Similarity
                                      • API ID: ExceptionRaise
                                      • String ID:
                                      • API String ID: 3997070919-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00E3A63A
                                      Similarity
                                      • API ID: FeaturePresentProcessor
                                      • String ID:
                                      • API String ID: 2325560087-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • CoCreateInstance.OLE32(00E8FDD8,00000000,00000001,00E8CDAC,?), ref: 00E1A17B
                                      Similarity
                                      • API ID: CreateInstance
                                      • String ID:
                                      • API String ID: 542301482-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • SetUnhandledExceptionFilter.KERNEL32(Function_0005A9D0,00E3A425), ref: 00E3A9BA
                                      Similarity
                                      • API ID: ExceptionFilterUnhandled
                                      • String ID:
                                      • API String ID: 3192549508-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a099a2bd1e6e72e19e82368ca78cbbb29432c65bc4294091ab56732d8d444962
                                      • Instruction ID: d0326f2448f992fbec253471dd2da6c317c77764b892ac96e7e88aeb6b6f1654
                                      • Opcode Fuzzy Hash: a099a2bd1e6e72e19e82368ca78cbbb29432c65bc4294091ab56732d8d444962
                                      • Instruction Fuzzy Hash: CC1272B7F515144BDB0CCA5DCCA27EDB2E3AFD4218B0E803DA40AE3745EA7DD9158684
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 78bc7f97c0be7b9259633fe550c497813476245bae32b0f9a2f0adac97073069
                                      • Instruction ID: 1791109ac899abc3a22cb9e2df091897d103a59cd1617c68acb4d1dae6b47bf5
                                      • Opcode Fuzzy Hash: 78bc7f97c0be7b9259633fe550c497813476245bae32b0f9a2f0adac97073069
                                      • Instruction Fuzzy Hash: E7C1DC309241654FCB88DF5FECC043AB7F1EB8A301B45415BDA81E7265C635AA1ECBB0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1d01c70038bfe7bdadad4314aa0e930ef6ea69cda01dfc3e870e820d041f81f4
                                      • Instruction ID: 00ea34efdca2e44eb96a2d59ddd6dad990b0d47b88d72c681701e4dbb3aabc74
                                      • Opcode Fuzzy Hash: 1d01c70038bfe7bdadad4314aa0e930ef6ea69cda01dfc3e870e820d041f81f4
                                      • Instruction Fuzzy Hash: 276138F260070866EA38996898967FEA3A49B8170FF143D1AEC47FF1C1D6119DCE8745
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32(7B1078F4), ref: 00DE5437
                                      • SetLastError.KERNEL32(Pg), ref: 00DE546E
                                      • GetDateFormatW.KERNEL32(00000800,00000000,00000000,M-d-yyyy,00000000,00000080), ref: 00DE54D3
                                      • GetLastError.KERNEL32 ref: 00DE54F2
                                      • SetLastError.KERNEL32(00E96750), ref: 00DE5529
                                      • GetTimeFormatW.KERNEL32(00000800,00000000,00000000,hh':'mm':'ss tt,00000000,00000080), ref: 00DE5587
                                      • GetLastError.KERNEL32 ref: 00DE55BE
                                      • SetLastError.KERNEL32(00E96750,00E965D4,00E965D2), ref: 00DE5640
                                      • GetLastError.KERNEL32(?), ref: 00DE5672
                                      • SetLastError.KERNEL32(00E96750,00E965D4,00E965D2), ref: 00DE56EF
                                      • GetLastError.KERNEL32(?,00000000,?,?,00000000,00000000), ref: 00DE5743
                                      • SysFreeString.OLEAUT32(?), ref: 00DE575F
                                      • SysFreeString.OLEAUT32(?), ref: 00DE5774
                                      • SetLastError.KERNEL32(?), ref: 00DE57A7
                                      • GetLastError.KERNEL32 ref: 00DE57BC
                                      • SysFreeString.OLEAUT32(?), ref: 00DE57D8
                                      • SysFreeString.OLEAUT32(?), ref: 00DE57ED
                                      • SetLastError.KERNEL32(?), ref: 00DE5820
                                      • GetLastError.KERNEL32 ref: 00DE5835
                                      • SysFreeString.OLEAUT32(00000000), ref: 00DE5851
                                      • SysFreeString.OLEAUT32(?), ref: 00DE5866
                                      • SetLastError.KERNEL32(00E96748), ref: 00DE5899
                                      • GetLastError.KERNEL32 ref: 00DE58AE
                                      • SysFreeString.OLEAUT32(?), ref: 00DE58CA
                                      • SysFreeString.OLEAUT32(?), ref: 00DE58DF
                                      • SetLastError.KERNEL32(?), ref: 00DE5912
                                      • GetLastError.KERNEL32 ref: 00DE5927
                                      • SysFreeString.OLEAUT32(00000000), ref: 00DE5943
                                      • SysFreeString.OLEAUT32(?), ref: 00DE5958
                                      • SetLastError.KERNEL32(00E96748), ref: 00DE598B
                                      • GetLastError.KERNEL32 ref: 00DE59A2
                                      • SetLastError.KERNEL32(00E96750), ref: 00DE59E8
                                      • GetLastError.KERNEL32 ref: 00DE5A9B
                                      • SysFreeString.OLEAUT32(?), ref: 00DE5AB4
                                      • SysFreeString.OLEAUT32(?), ref: 00DE5AC9
                                      • SetLastError.KERNEL32(00E96748), ref: 00DE5AFC
                                      • GetLastError.KERNEL32 ref: 00DE5B11
                                      • SysFreeString.OLEAUT32(?), ref: 00DE5B2D
                                      • SysFreeString.OLEAUT32(?), ref: 00DE5B42
                                      • SetLastError.KERNEL32(?), ref: 00DE5B75
                                      • GetLastError.KERNEL32 ref: 00DE5B84
                                      • SysFreeString.OLEAUT32(?), ref: 00DE5B9A
                                      • SysFreeString.OLEAUT32(?), ref: 00DE5BA9
                                      • SetLastError.KERNEL32(00E96748), ref: 00DE5BCD
                                      • GetLastError.KERNEL32 ref: 00DE5BDC
                                      • SysFreeString.OLEAUT32(?), ref: 00DE5BF2
                                      • SysFreeString.OLEAUT32(?), ref: 00DE5C01
                                      • SetLastError.KERNEL32(00E96748), ref: 00DE5C25
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$FreeString$Format$DateTime
                                      • String ID: %s[%s]: %s$%s[%s]: %s -- File: %s, Line: %d$Hg$Hg$Hg$Hg$Hg$M-d-yyyy$Pg$Pg$Pg$Pg$Pg$hh':'mm':'ss tt
                                      • API String ID: 4275935457-3164024404
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E08E2A
                                      • SetBkMode.GDI32(?,00000001), ref: 00E08E9E
                                      • GetDlgCtrlID.USER32(?), ref: 00E08EA5
                                      • GetStockObject.GDI32(00000005), ref: 00E08ECB
                                      • SendMessageW.USER32(00000405,00000000,00000000,000000A8), ref: 00E08EFB
                                      • PostMessageW.USER32(00000000,00008032,00000000,00000000), ref: 00E08F52
                                      • SetWindowTextW.USER32(?,-00000004), ref: 00E08FB7
                                      • SetTimer.USER32(?,000003E9,000000FA,00000000), ref: 00E08FD6
                                      • GetDlgItem.USER32(?,000003E9), ref: 00E08FDE
                                      • GetDlgItem.USER32(?,000003EB), ref: 00E08FF1
                                      • GetDlgItem.USER32(?,0000012D), ref: 00E09004
                                      • SendMessageW.USER32(00000000,00000402,00000000,00000000), ref: 00E09017
                                      • GetDlgItem.USER32(?,000003EE), ref: 00E0907A
                                      • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 00E09089
                                      • GetObjectW.GDI32(00000000,0000005C,?), ref: 00E0909E
                                      • GetDC.USER32(00000000), ref: 00E090A5
                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00E090B0
                                      • GetDlgItem.USER32(?,00000409), ref: 00E0926B
                                      • GetClientRect.USER32(00000000,?), ref: 00E09279
                                      • GetClientRect.USER32(?,?), ref: 00E09284
                                      • GetStockObject.GDI32(00000000), ref: 00E092A8
                                      • FillRect.USER32(?,?,00000000), ref: 00E092B4
                                      • GetSysColor.USER32(0000000F), ref: 00E092BC
                                      • GetSysColorBrush.USER32(00000000), ref: 00E092C9
                                      • CreateSolidBrush.GDI32(?), ref: 00E092DB
                                      • FillRect.USER32(?,?,00000000), ref: 00E09301
                                      • DeleteObject.GDI32(00000000), ref: 00E09308
                                      • DeleteObject.GDI32(000000A8), ref: 00E09319
                                      • DeleteObject.GDI32 ref: 00E0932E
                                      • DeleteObject.GDI32 ref: 00E0933A
                                      • DeleteObject.GDI32 ref: 00E09346
                                      Strings
                                      Similarity
                                      • API ID: Object$DeleteItem$MessageRect$Send$BrushClientColorFillStock$CapsCreateCtrlDeviceH_prolog3_ModePostSolidTextTimerWindow
                                      • String ID: /removeonly$Tahoma
                                      • API String ID: 693135165-2871122225
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetClassNameW.USER32(?,?,00000032), ref: 00E48761
                                      • lstrcmpiW.KERNEL32(Button,?), ref: 00E48773
                                      • GetWindowLongW.USER32(?,000000F0), ref: 00E48784
                                      • SetWindowLongW.USER32(?,000000F0,?), ref: 00E4883F
                                      • GetWindowLongW.USER32(?,000000F4), ref: 00E48848
                                      • GetWindowRect.USER32(?,?), ref: 00E4899C
                                      • MulDiv.KERNEL32(?,000186A0,000186A0), ref: 00E489F5
                                      • MulDiv.KERNEL32(?,?,000186A0), ref: 00E48A15
                                      • MulDiv.KERNEL32(?,000186A0,?), ref: 00E48A42
                                      • MulDiv.KERNEL32(?,000186A0,?), ref: 00E48A84
                                      • ScreenToClient.USER32(?,?), ref: 00E48AB3
                                      • MulDiv.KERNEL32(?,?,00000004), ref: 00E48ADB
                                      • MulDiv.KERNEL32(?,?,00000008), ref: 00E48AF5
                                      • MoveWindow.USER32(?,?,00000000,?,?,00000000), ref: 00E48B14
                                        • Part of subcall function 00DF3AF0: std::_Xinvalid_argument.LIBCPMT ref: 00DF3AF5
                                      • lstrcmpiW.KERNEL32(Static,?), ref: 00E48B2B
                                      • GetWindowLongW.USER32(?,000000F0), ref: 00E48B3C
                                      • GetWindowLongW.USER32(?,000000F0), ref: 00E48B51
                                      • GetWindowRect.USER32(?,?), ref: 00E48B6A
                                      • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 00E48B7E
                                      • SendMessageW.USER32(?,00000171,00000000,00000000), ref: 00E48BA0
                                      • GetWindowLongW.USER32(?,000000F4), ref: 00E48BCF
                                      Strings
                                      Similarity
                                      • API ID: Window$Long$Rectlstrcmpi$ClassClientMessageMoveNamePointsScreenSendXinvalid_argumentstd::_
                                      • String ID: @$Button$PROP_STAT_OLDPROC$PROP_STAT_PSKIN$Static$msctls_progress32
                                      • API String ID: 4053322404-847272177
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32(7B1078F4,00000000,00000004,?), ref: 00E4C3C8
                                      • SetLastError.KERNEL32(00E96750), ref: 00E4C427
                                      • GetLastError.KERNEL32 ref: 00E4C448
                                      • SetLastError.KERNEL32(00E96750), ref: 00E4C4A7
                                      • GetLastError.KERNEL32 ref: 00E4C4C1
                                      • SetLastError.KERNEL32(00E96750), ref: 00E4C51C
                                      • GetLastError.KERNEL32 ref: 00E4C536
                                      • SetLastError.KERNEL32(00E96750), ref: 00E4C591
                                      • GetLastError.KERNEL32 ref: 00E4C5AB
                                      • SetLastError.KERNEL32(00E96750), ref: 00E4C607
                                        • Part of subcall function 00E477C0: GetLastError.KERNEL32(7B1078F4), ref: 00E4780E
                                        • Part of subcall function 00E477C0: SetLastError.KERNEL32(?), ref: 00E4784D
                                        • Part of subcall function 00E477C0: GetLastError.KERNEL32 ref: 00E4787A
                                        • Part of subcall function 00E477C0: SetLastError.KERNEL32(Pg), ref: 00E478B2
                                        • Part of subcall function 00E477C0: MultiByteToWideChar.KERNEL32(00000000,00000000,00E9672E,00000000,00000000,00000000), ref: 00E478D3
                                      • GetLastError.KERNEL32 ref: 00E4C738
                                      • SetLastError.KERNEL32(00E96750), ref: 00E4C793
                                      • GetLastError.KERNEL32 ref: 00E4C7AD
                                      • SetLastError.KERNEL32(00E96750), ref: 00E4C808
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$ByteCharMultiWide
                                      • String ID: %d,%d$%d,%d,%d$.g$.g$Hg$Hg$Hg$Hg$Hg$Hg$Hg$Hg$Pg$Pg$Pg$Pg$Pg$Pg$Pg$Pg$Pg
                                      • API String ID: 3361762293-457538294
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E2C91B
                                        • Part of subcall function 00DFF3E3: __EH_prolog3_GS.LIBCMT ref: 00DFF3EA
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      • ShellExecuteExW.SHELL32(?), ref: 00E2CC73
                                      • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000004FF), ref: 00E2CCC8
                                      • PeekMessageW.USER32(?,00000000,00000113,00000113,00000001), ref: 00E2CCE5
                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,04270001), ref: 00E2CCFB
                                      • TranslateMessage.USER32(?), ref: 00E2CD09
                                      • DispatchMessageW.USER32(?), ref: 00E2CD13
                                      • WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00E2CD20
                                      • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000004FF), ref: 00E2CD37
                                      • GetExitCodeProcess.KERNEL32(00000000,?), ref: 00E2CD4E
                                      • CloseHandle.KERNEL32(00000000), ref: 00E2CD5A
                                      • GetLastError.KERNEL32 ref: 00E2CDAA
                                      Strings
                                      Similarity
                                      • API ID: Message$ErrorLastWait$FreeH_prolog3_MultipleObjectsPeekString$CloseCodeDispatchExecuteExitHandleObjectProcessShellSingleTranslate
                                      • String ID: -arch:$ -bundle:$ -publisher:"$" -version:$-prqmsix:query -IS_temp -pkgname:$<$App package installation is not supported on this platform (%d)$AppxHelper - No process created by successful prerequisite launch$AppxHelper process exited with return code %d$C:\CodeBases\isdev\Src\Runtime\Shared\Setup\SetupPreRequisite.cpp$CSetupPreRequisite::EvaluateConditionAppPackageCondtion$Could not launch prerequisite, last error: %d, ShellExecute: %d$Hg$Hg$Pg$Pg
                                      • API String ID: 506719325-1433037483
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E04D9A
                                        • Part of subcall function 00DF099E: __EH_prolog3.LIBCMT ref: 00DF09A5
                                      • lstrcmpiW.KERNEL32(?,auto,?,?,00000001,000004FC,00E06C3E,?,?), ref: 00E04DF4
                                      • CharNextW.USER32(?,/auto,00000000,00000000), ref: 00E04F51
                                      • lstrlenW.KERNEL32(?), ref: 00E04F90
                                      • CharNextW.USER32(?,00000001,?,00000001,debuglog,?), ref: 00E05013
                                      • CharNextW.USER32(00000000,eprq), ref: 00E05176
                                      • lstrcmpW.KERNEL32(00000000,%IS_E%), ref: 00E05184
                                      • lstrcpyW.KERNEL32(C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E},00000000), ref: 00E05195
                                      • lstrcpyW.KERNEL32(C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E},?), ref: 00E0521D
                                      • RegDeleteValueW.ADVAPI32(?,00000000), ref: 00E0522B
                                      • RegCloseKey.ADVAPI32(?), ref: 00E05236
                                      • RegCloseKey.ADVAPI32(?), ref: 00E05252
                                      Strings
                                      Similarity
                                      • API ID: CharNext$Closelstrcpy$DeleteH_prolog3H_prolog3_Valuelstrcmplstrcmpilstrlen
                                      • String ID: This setup was created with an EVALUATION VERSION of %s, which does not support extraction of the internal MSI file. The full ver$%IS_E%$/auto$C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}$Hg$Hg$Pg$Pg$Software\Microsoft\Windows\CurrentVersion$auto$debuglog$embed{$eprq
                                      • API String ID: 181376493-1927962942
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetPropW.USER32(?,PROP_PSKIN), ref: 00E4964B
                                      • DefWindowProcW.USER32(?,?,?,?), ref: 00E49663
                                      Strings
                                      Similarity
                                      • API ID: ProcPropWindow
                                      • String ID: Button$PROP_PSKIN$Static
                                      • API String ID: 8399546-3691526359
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E245D5
                                        • Part of subcall function 00DF4265: __EH_prolog3_GS.LIBCMT ref: 00DF426F
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                        • Part of subcall function 00DF5B9A: __EH_prolog3.LIBCMT ref: 00DF5BA1
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                        • Part of subcall function 00DF40BE: SysStringLen.OLEAUT32(?), ref: 00DF40C7
                                        • Part of subcall function 00DF40BE: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 00DF40E2
                                        • Part of subcall function 00DF678B: __EH_prolog3_GS.LIBCMT ref: 00DF6795
                                        • Part of subcall function 00DF678B: _wcslen.LIBCMT ref: 00DF67B7
                                        • Part of subcall function 00DF678B: _wcslen.LIBCMT ref: 00DF67EC
                                        • Part of subcall function 00DF678B: SysStringLen.OLEAUT32(?), ref: 00DF68BB
                                        • Part of subcall function 00DF678B: SysFreeString.OLEAUT32(?), ref: 00DF68CA
                                        • Part of subcall function 00DF5DF3: _wcslen.LIBCMT ref: 00DF5E2D
                                      • _wcslen.LIBCMT ref: 00E2476A
                                      • _wcslen.LIBCMT ref: 00E247B5
                                      • _wcslen.LIBCMT ref: 00E2486C
                                      • _wcslen.LIBCMT ref: 00E2489D
                                        • Part of subcall function 00DE8130: SysAllocStringLen.OLEAUT32(00000000,?), ref: 00DE81BE
                                        • Part of subcall function 00DE8130: SysFreeString.OLEAUT32(?), ref: 00DE81EE
                                        • Part of subcall function 00DF9801: __EH_prolog3_GS.LIBCMT ref: 00DF9808
                                        • Part of subcall function 00DF3EFA: SysFreeString.OLEAUT32(00000000), ref: 00DF3F09
                                      • _wcslen.LIBCMT ref: 00E24B9A
                                        • Part of subcall function 00DF0617: __EH_prolog3.LIBCMT ref: 00DF061E
                                        • Part of subcall function 00DF0617: GetLastError.KERNEL32(00000004,00DF0837,?,00000000,00000004,00DFB8B4,?,00000001,0000006C,00DFC2A9,?,?,.ini,Hg,%ld,?), ref: 00DF0640
                                        • Part of subcall function 00DF0617: SetLastError.KERNEL32(?,?), ref: 00DF0678
                                      Strings
                                      Similarity
                                      • API ID: String$_wcslen$ErrorLast$Free$H_prolog3_$AllocH_prolog3
                                      • String ID: $Hg$Hg$IS_OriginalLauncher:$IS_temp$Pg$Pg$auto$delayedstart:$extract_all:$installfromweb:$lW$media_path:$no_engine$runfromtemp$tempdisk1folder:
                                      • API String ID: 1699581959-2637976448
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E2E469
                                      • SendMessageW.USER32(?,0000000C,00000000,ISPREREQDIR), ref: 00E2E514
                                      • SendMessageW.USER32(?,0000000C,00000000,?), ref: 00E2E538
                                      • SendMessageW.USER32(?,00000111,00000008,00000000), ref: 00E2E54C
                                      • SendMessageW.USER32(?,0000000C,00000000,?), ref: 00E2E56D
                                      • SendMessageW.USER32(?,00000111,00000007,00000000), ref: 00E2E581
                                      • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00E2E591
                                      • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00E2E5C6
                                        • Part of subcall function 00DE77F0: GetLastError.KERNEL32(7B1078F4,?,00000000), ref: 00DE7834
                                        • Part of subcall function 00DE77F0: SetLastError.KERNEL32(00000000,?,?,00000000), ref: 00DE7906
                                      Strings
                                      Similarity
                                      • API ID: MessageSend$ErrorLast$H_prolog3_
                                      • String ID: Hg$Hg$Hg$Hg$ISPREREQDIR$Pg$Pg$Pg$Pg$[ISPREREQDIR]$[ProductLanguage]$[SETUPEXEDIR]$[SETUPEXENAME]
                                      • API String ID: 860943175-1944163274
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetWindowRect.USER32(?,?), ref: 00E480AF
                                      • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 00E480C2
                                      • GetWindowTextW.USER32(?,?,00000050), ref: 00E480E0
                                      • SetWindowTextW.USER32(?,00E965D4), ref: 00E480FB
                                      • GetWindowLongW.USER32(?,000000F0), ref: 00E48104
                                      • GetWindowLongW.USER32(?,000000EC), ref: 00E4810F
                                      • GetModuleHandleW.KERNEL32(00000000,00000000), ref: 00E4811B
                                      • CreateWindowExW.USER32(00000000,STATIC,00000000,00000000,0000000A,?,0000000A,?,?,000000FF,00000000), ref: 00E48163
                                      • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00E4817B
                                      • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 00E4818D
                                      • SetWindowLongW.USER32(00000000,000000FC,00E49950), ref: 00E4819B
                                      • SetPropW.USER32(00000000,PROP_STAT_PSKIN,?), ref: 00E481AA
                                      • SetPropW.USER32(00000000,PROP_STAT_OLDPROC,00000000), ref: 00E481B7
                                      • GetDC.USER32(00000000), ref: 00E481BE
                                      • SelectObject.GDI32(00000000,?), ref: 00E481E1
                                      • lstrlenW.KERNEL32(00000000,?), ref: 00E481F5
                                      • GetTextExtentPoint32W.GDI32(00000000,00000000,00000000), ref: 00E48204
                                      • ReleaseDC.USER32(00000000,00000000), ref: 00E4820C
                                      • SetWindowPos.USER32(00000000,?,0000000A,?,00000000,00000000,00000002), ref: 00E48235
                                      Strings
                                      Similarity
                                      • API ID: Window$LongText$MessagePropSend$CreateExtentHandleModuleObjectPoint32PointsRectReleaseSelectlstrlen
                                      • String ID: PROP_STAT_OLDPROC$PROP_STAT_PSKIN$STATIC
                                      • API String ID: 1156723014-2065393330
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32(7B1078F4), ref: 00DE758A
                                      • SetLastError.KERNEL32(?), ref: 00DE75C1
                                      • GetLastError.KERNEL32 ref: 00DE75F8
                                      • SetLastError.KERNEL32(Pg), ref: 00DE762E
                                      • GetLastError.KERNEL32 ref: 00DE7646
                                      • SetLastError.KERNEL32(00E96750), ref: 00DE767C
                                      • GetLastError.KERNEL32 ref: 00DE76DE
                                      • SysFreeString.OLEAUT32(?), ref: 00DE76F4
                                      • SysFreeString.OLEAUT32(?), ref: 00DE7703
                                      • SetLastError.KERNEL32(00E96748), ref: 00DE7727
                                      • SetLastError.KERNEL32(00E96748), ref: 00DE7736
                                      • GetLastError.KERNEL32 ref: 00DE7774
                                      • SysFreeString.OLEAUT32(?), ref: 00DE778A
                                      • SysFreeString.OLEAUT32(?), ref: 00DE7799
                                      • SetLastError.KERNEL32(00E96748), ref: 00DE77BD
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$FreeString
                                      • String ID: .g$Hg$Hg$Pg$Pg$Pg
                                      • API String ID: 2425351278-947443660
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32(7B1078F4), ref: 00DE4D99
                                      • SetLastError.KERNEL32(?,00E965D4,?), ref: 00DE4E10
                                      • RegOpenKeyExW.ADVAPI32(80000001,SOFTWARE\InstallShield\29.0\Professional,00000000,00020019,?,7B1078F4), ref: 00DE4E56
                                      • GetLastError.KERNEL32 ref: 00DE4E90
                                      • SetLastError.KERNEL32(Pg), ref: 00DE4EC7
                                      • RegQueryValueExW.ADVAPI32(?,VerboseLogPath,00000000,00000000,00000000,00000000), ref: 00DE4F5B
                                      • GetLastError.KERNEL32 ref: 00DE4FB0
                                      • SetLastError.KERNEL32(00E96750), ref: 00DE4FE7
                                      • GetModuleFileNameW.KERNEL32(00000000,00000000,00000104), ref: 00DE5048
                                      • GetLastError.KERNEL32(?,00000000,00000000), ref: 00DE50B5
                                      • SetLastError.KERNEL32(00E96750,InstallShield.log,00000011), ref: 00DE5105
                                      • RegCloseKey.ADVAPI32(?,00E96748,00000001), ref: 00DE5159
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$CloseFileModuleNameOpenQueryValue
                                      • String ID: Hg$Hg$InstallShield.log$Pg$Pg$Pg$SOFTWARE\InstallShield\29.0\Professional$VerboseLogPath
                                      • API String ID: 4261478827-3213275949
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00DFEC32
                                      • GetProcAddress.KERNEL32(?,RunISMSISetup), ref: 00DFECDF
                                      • GetModuleFileNameW.KERNEL32(00000000,00000400), ref: 00DFEDFD
                                        • Part of subcall function 00E1F8BC: __EH_prolog3_GS.LIBCMT ref: 00E1F8C6
                                        • Part of subcall function 00DF0809: __EH_prolog3.LIBCMT ref: 00DF0810
                                      Strings
                                      Similarity
                                      • API ID: H_prolog3_$AddressFileH_prolog3ModuleNameProc
                                      • String ID: /removeonly$C:\CodeBases\isdev\Src\Runtime\MSI\Shared\Setup\IsMsiHelper.cpp$Could not find entry point in ISSetup.dll$Hg$Hg$Hg$Hg$ISSetup.dll$Launching InstallScript engine: %s, %s, %d$Pg$Pg$Pg$Pg$RunISMSISetup$setup.exe$y
                                      • API String ID: 1971737574-2245524949
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32(7B1078F4), ref: 00DE51C4
                                      • SetLastError.KERNEL32(Pg,00E965D4,00E965D2), ref: 00DE522B
                                      • CreateFileW.KERNEL32(-00000004,C0000000,00000001,00000000,00000004,00000080,00000000), ref: 00DE525E
                                      • GetLastError.KERNEL32 ref: 00DE526F
                                      • SysFreeString.OLEAUT32(?), ref: 00DE5285
                                      • SysFreeString.OLEAUT32(?), ref: 00DE5294
                                      • SetLastError.KERNEL32(?), ref: 00DE52B8
                                      • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00DE52D4
                                      • ReadFile.KERNEL32(00000000,?,00000002,00000000,00000000), ref: 00DE52E7
                                      • WriteFile.KERNEL32(00000000,?,00000002,?,00000000), ref: 00DE5324
                                      • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 00DE5338
                                      • WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 00DE5357
                                      • CloseHandle.KERNEL32(00000000), ref: 00DE536B
                                      • GetLastError.KERNEL32 ref: 00DE537A
                                      • SysFreeString.OLEAUT32(00000000), ref: 00DE5390
                                      • SysFreeString.OLEAUT32(?), ref: 00DE539F
                                      • SetLastError.KERNEL32(00E96748), ref: 00DE53C3
                                      Strings
                                      Similarity
                                      • API ID: ErrorFileLast$FreeString$PointerWrite$CloseCreateHandleRead
                                      • String ID: Hg$Pg
                                      • API String ID: 1593397424-3911212948
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E034F1
                                        • Part of subcall function 00DE4B50: GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 00DE4B74
                                      • RegCreateKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,00000124,00E02B7B,?,0000001C,00000000,00000048,?), ref: 00E0367B
                                      • RegCloseKey.ADVAPI32(00000001), ref: 00E03695
                                      • GetCommandLineW.KERNEL32 ref: 00E0371C
                                      • _wcslen.LIBCMT ref: 00E03734
                                        • Part of subcall function 00DFC19E: __EH_prolog3.LIBCMT ref: 00DFC1A5
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                        • Part of subcall function 00DFF67F: __EH_prolog3_GS.LIBCMT ref: 00DFF686
                                        • Part of subcall function 00DFF67F: _wcslen.LIBCMT ref: 00DFF6C9
                                        • Part of subcall function 00DFF67F: SetLastError.KERNEL32(00000000,?,00000000), ref: 00DFF6E6
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      • RegCloseKey.ADVAPI32(?,00E96748,00000001,?,00000000,00E96748,00E87020,?,00000001), ref: 00E03A2F
                                      • RegCloseKey.ADVAPI32(00000000,00000124,00E02B7B,?,0000001C,00000000,00000048,?,00000000,00EBAE54,?), ref: 00E03A56
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$Close$FreeH_prolog3_String_wcslen$CommandCreateH_prolog3HandleLineModule
                                      • String ID: ISSetupPrerequisistes$%%IS_PREREQ%%-%s$.exe$Hg$Hg$Pg$Pg$Software\Microsoft\Windows\CurrentVersion$Software\Microsoft\Windows\CurrentVersion\RunOnce
                                      • API String ID: 1777661291-3741724365
                                      • Opcode ID: 3312a4ed9a1ac3cc487525eaa7484a0018bea140642eda5477fed2f7a3a304d5
                                      • Instruction ID: 86ead80f590ece8310ce75b9f3f8b4dbf4ddb079ebf4cd377c330ad61e678988
                                      • Opcode Fuzzy Hash: 3312a4ed9a1ac3cc487525eaa7484a0018bea140642eda5477fed2f7a3a304d5
                                      • Instruction Fuzzy Hash: DDF1557190025CEEDB24EBA4CD95BEDB7B8AF14304F508099E149B7292DBB05F88CF61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32(7B1078F4,?,?,?), ref: 00E4A28C
                                      • SetLastError.KERNEL32(Pg,?,?), ref: 00E4A2C5
                                      • GetLastError.KERNEL32(?,?), ref: 00E4A2D9
                                      • SetLastError.KERNEL32(00E96750,?,?), ref: 00E4A310
                                      • GetLastError.KERNEL32(?,?,00000001,?,?,00000001,?,?), ref: 00E4A4DE
                                      • SetLastError.KERNEL32(00E96750,?,?,?,00000001,?,?,00000001,?,?), ref: 00E4A52B
                                      • GetLastError.KERNEL32(?,?,?,?,00000001,?,?,00000001,?,?), ref: 00E4A56F
                                      • SetLastError.KERNEL32(00E96750,00000000,?,?,00000001,?,?,00000001,?,?), ref: 00E4A5AA
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast
                                      • String ID: -%04x$ALL$Hg$Hg$Hg$Hg$Pg$Pg$Pg$Pg$Pg
                                      • API String ID: 1452528299-964825821
                                      • Opcode ID: cbf62995ea85329ebd2780560dd0a1104f6a61fdbc1dab5e19dbcb2349eb475e
                                      • Instruction ID: 96e450147b86f7a99d6481198867f3ebd1065c2e8b116e5afc40cb1c9e2ba986
                                      • Opcode Fuzzy Hash: cbf62995ea85329ebd2780560dd0a1104f6a61fdbc1dab5e19dbcb2349eb475e
                                      • Instruction Fuzzy Hash: B5D15971900218DFDF21EFA5D945BDDBBB4EF08314F1441AAE809B7291DB706A48CF61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • CharNextW.USER32 ref: 00E0535A
                                      • CharNextW.USER32 ref: 00E05374
                                        • Part of subcall function 00E067F9: __EH_prolog3_GS.LIBCMT ref: 00E06803
                                      • CharNextW.USER32 ref: 00E0538D
                                      • CharNextW.USER32(00000000), ref: 00E05394
                                      • CharNextW.USER32 ref: 00E053A9
                                      • CharNextW.USER32(00000000), ref: 00E053B0
                                      • CharNextW.USER32(?,?,00000001), ref: 00E053CB
                                      • CharNextW.USER32(00000000,?,?,00000001), ref: 00E053D2
                                      • PathFileExistsW.SHLWAPI(-00000004), ref: 00E0541F
                                      • CharNextW.USER32(?,?,00000001), ref: 00E05443
                                      • CharNextW.USER32(00000000), ref: 00E0544A
                                      • CharNextW.USER32(?,00000000,00000001), ref: 00E054D8
                                      • CharNextW.USER32(00000000), ref: 00E054DF
                                      Strings
                                      Similarity
                                      • API ID: CharNext$ExistsFileH_prolog3_Path
                                      • String ID: %$/f1$/f2
                                      • API String ID: 1764005513-3480956927
                                      • Opcode ID: 77f43839fb735d1b459efffea1a2563096ab8fe33f93b427a368166183978de0
                                      • Instruction ID: 77096d9849251a168c2861b3c4b0585b48ebfccc705d28f52e78f0d24e4d7b7e
                                      • Opcode Fuzzy Hash: 77f43839fb735d1b459efffea1a2563096ab8fe33f93b427a368166183978de0
                                      • Instruction Fuzzy Hash: 7851B5B2805655AFDB20DBA8DC48BEE7B78AB04306F1041D9F216B7191CB744EC8CF65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E36A18
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                        • Part of subcall function 00DE6B40: GetLastError.KERNEL32(7B1078F4), ref: 00DE6B91
                                        • Part of subcall function 00DE6B40: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE6C0A
                                        • Part of subcall function 00E202A8: __EH_prolog3_GS.LIBCMT ref: 00E202AF
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3_
                                      • String ID: BuildNo$Hg$Hg$Hg$Hg$Hg$Hg$MajorVer$MinorVer$MinorVerMax$Pg$Pg$Pg$Pg$Pg$PlatformId
                                      • API String ID: 3339191932-4224899049
                                      • Opcode ID: 60dbe215514c08b38d1627a37976e910b7975f2a48cd7fc5384b677d149bcfd8
                                      • Instruction ID: 32060f64d7ec59f62a116e1a403c1d0505567c0df8d63bec9695fbac56a14194
                                      • Opcode Fuzzy Hash: 60dbe215514c08b38d1627a37976e910b7975f2a48cd7fc5384b677d149bcfd8
                                      • Instruction Fuzzy Hash: 9CC128B1D4121AEADB61DF64CD95BEDBBB4EF54308F6041EAA029B7281DB704B84CF50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_catch_GS.LIBCMT ref: 00E2077C
                                        • Part of subcall function 00E1F8BC: __EH_prolog3_GS.LIBCMT ref: 00E1F8C6
                                      Strings
                                      Similarity
                                      • API ID: H_prolog3_H_prolog3_catch_
                                      • String ID: ($2$C:\CodeBases\isdev\Src\Runtime\MSI\Shared\Setup\session.cpp$Hg$Hg$Hg$InstalledProductName$PackageCode$Pg$Pg$Pg$Upgrade check: checking product code %s$Upgrade check: later product version already installed$Upgrade check: obtained package code %s from machine, current package code is %s$VersionString
                                      • API String ID: 2112800272-3006147744
                                      • Opcode ID: eccf84b1b3167762c218a893ef152a835151a9b116e8b0b3399988cf2fabfd54
                                      • Instruction ID: 9d957caf1d17bc7a54369960e9717b915c2f60d62d7c818c249072a21fdca93c
                                      • Opcode Fuzzy Hash: eccf84b1b3167762c218a893ef152a835151a9b116e8b0b3399988cf2fabfd54
                                      • Instruction Fuzzy Hash: 35128B70901258DFDB25EBA4C986BDDBBB4AF15304F1041E9E145B7292DBB05F88CFA2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E30DD7
                                        • Part of subcall function 00E2F236: __EH_prolog3_GS.LIBCMT ref: 00E2F240
                                        • Part of subcall function 00E2F236: RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,0000021C,00E31ED7,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,?,?,00E30CEB,?), ref: 00E2F2B4
                                        • Part of subcall function 00E2F236: RegCloseKey.ADVAPI32(?,0000021C,00E31ED7,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,?,?,00E30CEB,?,00000001,00000000,Hg,00000000,00000000,Hg,00000000), ref: 00E2F2C7
                                        • Part of subcall function 00E2F148: __EH_prolog3.LIBCMT ref: 00E2F14F
                                        • Part of subcall function 00E2F148: RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,00000008,00000014,00E31F15,80000002,SYSTEM\CurrentControlSet\Control\Session Manager,PendingFileRenameOperations,80000002,SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx,80000002), ref: 00E2F18B
                                        • Part of subcall function 00E2F148: RegCloseKey.ADVAPI32(00000000,00000014,00E31F15,80000002,SYSTEM\CurrentControlSet\Control\Session Manager,PendingFileRenameOperations,80000002,SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,?,?,00E30CEB,?), ref: 00E2F1AA
                                        • Part of subcall function 00E2F015: __EH_prolog3_GS.LIBCMT ref: 00E2F01F
                                        • Part of subcall function 00E2F8F0: __EH_prolog3_GS.LIBCMT ref: 00E2F8FA
                                        • Part of subcall function 00E2F8F0: RegQueryValueExW.ADVAPI32(?,PendingFileRenameOperations,00000000,?,00000000,?,000000CC,00E30E51,[WindowsFolder]Wininit.ini,rename,80000002,SYSTEM\CurrentControlSet\Control\Session Manager,PendingFileRenameOperations,80000002,SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations,80000002), ref: 00E2F964
                                        • Part of subcall function 00E2F8F0: RegQueryValueExW.ADVAPI32(?,PendingFileRenameOperations,00000000,00000000,?,?,?,00000000), ref: 00E2F9F1
                                        • Part of subcall function 00E2F8F0: GetTempPathW.KERNEL32(00000104,00000000,?,00000000,?,?,?,00000000), ref: 00E2FA6A
                                      Strings
                                      • Wininit.ini rename, xrefs: 00E30ED7
                                      • Hg, xrefs: 00E30E64
                                      • [WindowsFolder]Wininit.ini, xrefs: 00E30E28
                                      • Reboot required - %s key added, xrefs: 00E30EDC
                                      • SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx, xrefs: 00E30DEE
                                      • Reboot required - %s value added, xrefs: 00E30EB3
                                      • SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00E30DDE
                                      • RunOnceEx, xrefs: 00E30E96
                                      • SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 00E30DFE
                                      • Pg, xrefs: 00E30E67
                                      • SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 00E30E13
                                      • PendingFileRenameOperations, xrefs: 00E30E0E, 00E30EAE
                                      • RunOnce, xrefs: 00E30E84
                                      • rename, xrefs: 00E30E23
                                      • FileRenameOperations, xrefs: 00E30EC5
                                      Similarity
                                      • API ID: H_prolog3_Value$Query$Close$EnumH_prolog3PathTemp
                                      • String ID: FileRenameOperations$Hg$PendingFileRenameOperations$Pg$Reboot required - %s key added$Reboot required - %s value added$RunOnce$RunOnceEx$SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce$SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx$SYSTEM\CurrentControlSet\Control\Session Manager$SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations$Wininit.ini rename$[WindowsFolder]Wininit.ini$rename
                                      • API String ID: 3376869475-1231898016
                                      • Opcode ID: 4a5a6327bf5b05b7a4d40a2c463df276f6823d9b2d2cb3fcc94e4695058496a5
                                      • Instruction ID: f9bfd757da3aafb9cb11e0e99028b89caa73f2b68297a83a3dc7ea4575eb7cc1
                                      • Opcode Fuzzy Hash: 4a5a6327bf5b05b7a4d40a2c463df276f6823d9b2d2cb3fcc94e4695058496a5
                                      • Instruction Fuzzy Hash: AE31AA70B44354DFCF20EAA5C85AFAEBBF5AB40704F106C2AE51EB7282CBB49905C715
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                        • Part of subcall function 00E4F240: GdiplusStartup.GDIPLUS(00EBEFF8,?,00000000), ref: 00E4F276
                                      • FindResourceW.KERNEL32(000000FF,00E4BDFB,PNG,?,?,?,?,00E4BDFB,000000FF), ref: 00E4F097
                                      • FindResourceW.KERNEL32(000000FF,00E4BDFB,00000002,?,00E4BDFB,000000FF), ref: 00E4F0A8
                                      • GdipAlloc.GDIPLUS(00000010,?,00E4BDFB,000000FF), ref: 00E4F0B8
                                      • GdipCreateBitmapFromResource.GDIPLUS(000000FF,00E4BDFB,00000000,00000010,?,00E4BDFB,000000FF), ref: 00E4F0DA
                                      • SizeofResource.KERNEL32(000000FF,00000000,?,00E4BDFB,000000FF), ref: 00E4F106
                                      • LoadResource.KERNEL32(000000FF,000000FF,?,00E4BDFB,000000FF), ref: 00E4F112
                                      • LockResource.KERNEL32(00000000,?,00E4BDFB,000000FF), ref: 00E4F119
                                      • GlobalAlloc.KERNEL32(00000002,00000000,?,00E4BDFB,000000FF), ref: 00E4F12D
                                      • GlobalLock.KERNEL32(00000000,?,00E4BDFB,000000FF), ref: 00E4F13E
                                      • CreateStreamOnHGlobal.OLE32(00000000,00000000,00000000,?,?,?,?,00E4BDFB,000000FF), ref: 00E4F166
                                      • GdipAlloc.GDIPLUS(00000010,?,?,?,?,00E4BDFB,000000FF), ref: 00E4F178
                                      • GdipCreateBitmapFromStream.GDIPLUS(00E4BDFB,000000FF,00000010,?,?,?,?,00E4BDFB), ref: 00E4F197
                                      • GlobalUnlock.KERNEL32(?,?,?,?,?,00E4BDFB,000000FF), ref: 00E4F1C1
                                      • GlobalFree.KERNEL32(00000000), ref: 00E4F1C8
                                      Strings
                                      Similarity
                                      • API ID: Resource$Global$Gdip$AllocCreate$BitmapFindFromLockStream$FreeGdiplusLoadSizeofStartupUnlock
                                      • String ID: PNG
                                      • API String ID: 4145215180-364855578
                                      • Opcode ID: b33dd7207ca07ecd8762fdb1ac81d2af3579381d4d17d567a45b919a542266cb
                                      • Instruction ID: 726add39a719421678fb6dd8f5a819b39e4856897273d269ddcf6e3d46c9fb5a
                                      • Opcode Fuzzy Hash: b33dd7207ca07ecd8762fdb1ac81d2af3579381d4d17d567a45b919a542266cb
                                      • Instruction Fuzzy Hash: 0F41A676901619EFCB209FA5EC44AAEBBF8EF44751F104069F808F3351DB709940DB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetObjectW.GDI32(00000018,?), ref: 00E34ECF
                                      • GetDesktopWindow.USER32 ref: 00E34ED9
                                      • GetClientRect.USER32(00000000), ref: 00E34EE0
                                      • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 00E34F07
                                      • GetDC.USER32(?), ref: 00E34F2A
                                      • GetObjectW.GDI32(00000018,?), ref: 00E34F3E
                                      • CreateCompatibleDC.GDI32(00000000), ref: 00E34F45
                                      • UnrealizeObject.GDI32(00000000), ref: 00E34F57
                                      • SelectPalette.GDI32(00000000,00000000), ref: 00E34F66
                                      • RealizePalette.GDI32(00000000), ref: 00E34F6D
                                      • UnrealizeObject.GDI32 ref: 00E34F79
                                      • SelectPalette.GDI32(00000000,00000000), ref: 00E34F88
                                      • RealizePalette.GDI32(00000000), ref: 00E34F8F
                                      • SelectObject.GDI32(00000000), ref: 00E34F9C
                                      • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 00E34FB5
                                      • ReleaseDC.USER32(?,00000000), ref: 00E34FBD
                                      • DeleteDC.GDI32(00000000), ref: 00E34FC4
                                      Similarity
                                      • API ID: Object$Palette$Select$RealizeUnrealizeWindow$ClientCompatibleCreateDeleteDesktopMoveRectRelease
                                      • String ID:
                                      • API String ID: 366568439-0
                                      • Opcode ID: c0a7fabf3f129f9e605bcd3548744e312a4c233dbe6dd97e4df6e47d95d03571
                                      • Instruction ID: cbd118f82919eee6d9b425967139ef86d94f770c205f645d56e6d33312357f5f
                                      • Opcode Fuzzy Hash: c0a7fabf3f129f9e605bcd3548744e312a4c233dbe6dd97e4df6e47d95d03571
                                      • Instruction Fuzzy Hash: A1310772500508AFDB019BA6ED4DEEE7BBDFB08311F045524F60AF6160CB749908DB61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E3C4AF
                                      • GetLastError.KERNEL32 ref: 00E3C554
                                      • GetLastError.KERNEL32 ref: 00E3C620
                                      • __EH_prolog3_catch_GS.LIBCMT ref: 00E3C69A
                                        • Part of subcall function 00DF0617: __EH_prolog3.LIBCMT ref: 00DF061E
                                        • Part of subcall function 00DF0617: GetLastError.KERNEL32(00000004,00DF0837,?,00000000,00000004,00DFB8B4,?,00000001,0000006C,00DFC2A9,?,?,.ini,Hg,%ld,?), ref: 00DF0640
                                        • Part of subcall function 00DF0617: SetLastError.KERNEL32(?,?), ref: 00DF0678
                                        • Part of subcall function 00E1CAB3: __EH_prolog3_GS.LIBCMT ref: 00E1CABD
                                        • Part of subcall function 00E23078: __EH_prolog3_GS.LIBCMT ref: 00E23082
                                        • Part of subcall function 00E23078: CloseHandle.KERNEL32(000000FF,00000084,00E23337,00000004,00E3295B,@o,80000000,00000001,00000080,00000003,00000000,00000000,?,00000000,00000084,00E41F8A), ref: 00E230BA
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3_$FreeString$CloseH_prolog3H_prolog3_catch_Handle
                                      • String ID: $*.*$@o$Hg$Ho$Pg$Pg$Pg$P
                                      • API String ID: 3974534895-4087936464
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E2D3B4
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                        • Part of subcall function 00DFF269: _wcslen.LIBCMT ref: 00DFF291
                                      • RegQueryValueExW.ADVAPI32(00000000,?,00000000,?,?,00000004), ref: 00E2D607
                                        • Part of subcall function 00E326FC: _wcslen.LIBCMT ref: 00E32724
                                      • RegCloseKey.ADVAPI32(00000000), ref: 00E2D87F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast_wcslen$CloseH_prolog3_QueryValue
                                      • String ID: $ $HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_DYN_DATA$HKEY_LOCAL_MACHINE$HKEY_PERFORMANCE_DATA$HKEY_USERS$Hg$Pg
                                      • API String ID: 968084682-474681044
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E0C632
                                      • FormatMessageW.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000,00000944,00E14355,00000000,MsiOpenDatabaseView,00E965D4,00E965D4,00000000,?,?), ref: 00E0C6F0
                                      • _wcslen.LIBCMT ref: 00E0C70B
                                      • _wcslen.LIBCMT ref: 00E0C718
                                      • _wcslen.LIBCMT ref: 00E0C725
                                      • _wcslen.LIBCMT ref: 00E0C72D
                                      • wsprintfW.USER32 ref: 00E0C79E
                                      • CreateErrorInfo.OLEAUT32(?), ref: 00E0C7BA
                                      • SetErrorInfo.OLEAUT32(00000000,?), ref: 00E0C84E
                                      • LocalFree.KERNEL32(?), ref: 00E0C885
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: _wcslen$ErrorInfo$CreateFormatFreeH_prolog3_LocalMessagewsprintf
                                      • String ID: %s%s(%s)$%s%s(%s, %s)$%s%s()$Windows Installer Error [1]: [2]{, [3]}{, [4]}{, [5]}
                                      • API String ID: 3386703035-2233951040
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E1B190
                                      • _wcslen.LIBCMT ref: 00E1B1B5
                                      • CharNextW.USER32(?,?,00000000,00000001,00000000,00000064,00E1B57F,?,00000000,00000000,00000000), ref: 00E1B227
                                      • CharNextW.USER32(00000000,?,?,00000000,00000001,00000000,00000064,00E1B57F,?,00000000,00000000,00000000), ref: 00E1B230
                                      • CharNextW.USER32(00000000,?,?,00000000,00000001,00000000,00000064,00E1B57F,?,00000000,00000000,00000000), ref: 00E1B239
                                      • CharNextW.USER32(00000000,?,?,00000000,00000001,00000000,00000064,00E1B57F,?,00000000,00000000,00000000), ref: 00E1B242
                                      • CharNextW.USER32(00000000,}},?,00000000,00000001,00000000,00000064,00E1B57F,?,00000000,00000000,00000000), ref: 00E1B2FC
                                      • CoTaskMemFree.OLE32(?,00000000,00000064,00E1B57F,?,00000000,00000000,00000000), ref: 00E1B3CA
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: CharNext$FreeH_prolog3_Task_wcslen
                                      • String ID: }}$HKCR$HKCU{Software{Classes
                                      • API String ID: 750828756-1142484189
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00DF4F9C
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                      • GetModuleFileNameW.KERNEL32(00000000,00000000,00000400,?,00000000,0000015C,00DF1B4E,00000001,C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E},?,?), ref: 00DF5015
                                      • PathFileExistsW.SHLWAPI(?), ref: 00DF5052
                                        • Part of subcall function 00DE7930: SysStringLen.OLEAUT32(00000000), ref: 00DE793A
                                        • Part of subcall function 00DE7930: SysReAllocStringLen.OLEAUT32(00000000,00000009,00000008), ref: 00DE7955
                                      • CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000040,00000000,00000000,?,?), ref: 00DF51AD
                                      • CloseHandle.KERNEL32(?), ref: 00DF51BD
                                      • CloseHandle.KERNEL32(?), ref: 00DF51C9
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: CloseErrorFileHandleLastString$AllocCreateExistsH_prolog3_ModuleNamePathProcess
                                      • String ID: "%s" /c del "%s"$"%s" /c rmdir /s /q "%s"$Hg$Hg$Pg$Pg$Pg$cmd.exe
                                      • API String ID: 2261995642-1140899567
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: H_prolog3__wcslen
                                      • String ID: %s%sReason: %s$>>> Fatal %sReason: %s$function failed.$handle in invalid state.$more buffer space required to hold data.$no more items.$passed a bad SQL syntax.$passed an invalid handle.$passed an invalid parameter.$unknown error.
                                      • API String ID: 3251556500-2340172371
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • DeleteDC.GDI32(00000000), ref: 00E4DE10
                                      • RestoreDC.GDI32(?,?), ref: 00E4DE1A
                                      • GetTickCount.KERNEL32 ref: 00E4E123
                                      • CreateRectRgn.GDI32(?,?,?,?), ref: 00E4E168
                                      • SelectClipRgn.GDI32(?,00000000), ref: 00E4E173
                                      • BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00CC0020), ref: 00E4E19F
                                      • PlayMetaFile.GDI32(?,00000001), ref: 00E4E1AD
                                      • SelectObject.GDI32(?,?), ref: 00E4E1BA
                                      • DeleteObject.GDI32(?), ref: 00E4E1C8
                                      • GetTickCount.KERNEL32 ref: 00E4E1D1
                                      • SelectClipRgn.GDI32(?,00000000), ref: 00E4E1F4
                                      • BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00CC0020), ref: 00E4E21B
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: Select$ClipCountDeleteObjectTick$CreateFileMetaPlayRectRestore
                                      • String ID: gfff
                                      • API String ID: 3661363877-1553575800
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                        • Part of subcall function 00DE77F0: GetLastError.KERNEL32(7B1078F4,?,00000000), ref: 00DE7834
                                        • Part of subcall function 00DE77F0: SetLastError.KERNEL32(00000000,?,?,00000000), ref: 00DE7906
                                      • GetLastError.KERNEL32(?,00000000,00E96748,00000001,7B1078F4,?,00000000), ref: 00DE63E9
                                      • SetLastError.KERNEL32(00E96750,00E965D4,00E965D2,?,00000000), ref: 00DE6458
                                        • Part of subcall function 00DE6E50: GetLastError.KERNEL32(7B1078F4), ref: 00DE6E9A
                                        • Part of subcall function 00DE6E50: SetLastError.KERNEL32(?), ref: 00DE6ED5
                                      • GetLastError.KERNEL32(?,00000000), ref: 00DE653A
                                      • SetLastError.KERNEL32(00E96750,00E965D4,00000000,?,00000000), ref: 00DE658A
                                      • GetLastError.KERNEL32(?,00000000), ref: 00DE66B5
                                      • SysFreeString.OLEAUT32(00000000), ref: 00DE66CB
                                      • SysFreeString.OLEAUT32(?), ref: 00DE66DA
                                      • SetLastError.KERNEL32(00E96748), ref: 00DE66FE
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$FreeString
                                      • String ID: Hg$Hg$Pg$Pg$Pg
                                      • API String ID: 2425351278-2668264881
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E1E78A
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                      • LoadCursorW.USER32(00000000,00007F02), ref: 00E1E7FF
                                      • SetCursor.USER32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00E1E806
                                      • _wcslen.LIBCMT ref: 00E1E8A3
                                        • Part of subcall function 00DF5EAE: __EH_prolog3_GS.LIBCMT ref: 00DF5EB5
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                        • Part of subcall function 00DF099E: __EH_prolog3.LIBCMT ref: 00DF09A5
                                      • SetCursor.USER32(?,00000000,?,0000000E,?,?,00000001), ref: 00E1EA89
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$Cursor$FreeH_prolog3_String$H_prolog3Load_wcslen
                                      • String ID: C:\CodeBases\isdev\Src\Runtime\MSI\Shared\Setup\session.cpp$C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}$Extracting '%s' to %s$Extraction of '%s' failed$Hg$Hg$Pg$Pg
                                      • API String ID: 1086647164-831885633
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                        • Part of subcall function 00DE77F0: GetLastError.KERNEL32(7B1078F4,?,00000000), ref: 00DE7834
                                        • Part of subcall function 00DE77F0: SetLastError.KERNEL32(00000000,?,?,00000000), ref: 00DE7906
                                      • GetLastError.KERNEL32(?,00E96748,00000001,7B1078F4,00E965D4,00E965D4), ref: 00DE67F5
                                      • SysFreeString.OLEAUT32(00E69722), ref: 00DE680B
                                      • SysFreeString.OLEAUT32(?), ref: 00DE681A
                                      • SetLastError.KERNEL32(?), ref: 00DE683E
                                      • GetLastError.KERNEL32(?,?,000000FF,?,00000001,00000000,?,00000001,?,00000000), ref: 00DE693B
                                      • SysFreeString.OLEAUT32(?), ref: 00DE6951
                                      • SysFreeString.OLEAUT32(?), ref: 00DE6960
                                      • SetLastError.KERNEL32(?), ref: 00DE6984
                                      • GetLastError.KERNEL32 ref: 00DE6993
                                      • SysFreeString.OLEAUT32(00E69722), ref: 00DE69A9
                                      • SysFreeString.OLEAUT32(?), ref: 00DE69B8
                                      • SetLastError.KERNEL32(?), ref: 00DE69DC
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$FreeString
                                      • String ID: Pg
                                      • API String ID: 2425351278-754130359
                                      • Opcode ID: ec788c08aef31608a56586eac72649f790cf0df3e89673aa4e32771db83c0782
                                      • Instruction ID: cfb6762c6904e089fa574a2960b174a95839d52970524e240dd0bc04210d852b
                                      • Opcode Fuzzy Hash: ec788c08aef31608a56586eac72649f790cf0df3e89673aa4e32771db83c0782
                                      • Instruction Fuzzy Hash: BD915A71A00258DFDF14EFA9DC88B9DBBB5FF15344F5440A8E409A72A1DB70A988CF61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E013D4
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3_
                                      • String ID: .appx$.appxbundle$.msix$.msixbundle$Hg$Hg$Hg$Hg$Pg$Pg$Pg$Pg
                                      • API String ID: 3339191932-2958669671
                                      • Opcode ID: 119c87677bfa7f8c789355f83487864cd603f2d5b6ac8ecc7882953c3228125c
                                      • Instruction ID: 2e6e55e3b64cf9e3700d5099244ec4fdf79be9ba888d2addb80bc4931ee96a35
                                      • Opcode Fuzzy Hash: 119c87677bfa7f8c789355f83487864cd603f2d5b6ac8ecc7882953c3228125c
                                      • Instruction Fuzzy Hash: 1B5127B1D012189EDB60DFA4DD86BEDB7B5AF45304F2052EB9459B72C1EB704E848F20
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetWindowRect.USER32(?), ref: 00E08C22
                                      • GetWindowRect.USER32(00000000,?), ref: 00E08C2F
                                      • GetSystemMetrics.USER32(00000001), ref: 00E08C37
                                      • GetSystemMetrics.USER32(00000000), ref: 00E08C3F
                                      • SetRect.USER32(?,00000000,00000000,00000000), ref: 00E08C4C
                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00E08C82
                                      • IsWindow.USER32(00000000), ref: 00E08C8B
                                      • GetWindowRect.USER32(00000000,?), ref: 00E08CA1
                                      • IntersectRect.USER32(?,?,?), ref: 00E08CB3
                                      • SubtractRect.USER32(?,?,?), ref: 00E08CCF
                                      • SetWindowPos.USER32(00000000,?,?,00000000,00000000,00000005,0000001E,0000001E), ref: 00E08D0F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: RectWindow$MetricsSystem$FindIntersectSubtract
                                      • String ID: F$Shell_TrayWnd
                                      • API String ID: 301737298-1447713892
                                      • Opcode ID: 17f1498d1dbae4490e06f2909605587ed1a96ac351fbfc2ab36331182c552036
                                      • Instruction ID: 1ebc2442c12769fc415720f6a7c824715aa3907d3c2cbd60b945b36e5ed13d6e
                                      • Opcode Fuzzy Hash: 17f1498d1dbae4490e06f2909605587ed1a96ac351fbfc2ab36331182c552036
                                      • Instruction Fuzzy Hash: E241CA7290060DAFDB00DFE5DD88AAEBBF9EB48305F240115E506F7161DA74AE49CB61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E3EFED
                                      • GetModuleHandleW.KERNEL32(kernel32.dll,CreateToolhelp32Snapshot,000002A8,00E3D49F,00000064,?,00000064,00000000,?,?,?,?,?,00000064,00E3FD36,00E3E8F2), ref: 00E3F005
                                      • GetProcAddress.KERNEL32(00000000), ref: 00E3F008
                                      • GetModuleHandleW.KERNEL32(Kernel32.dll,Process32First), ref: 00E3F043
                                      • GetProcAddress.KERNEL32(00000000), ref: 00E3F046
                                      • GetModuleHandleW.KERNEL32(Kernel32.dll,Process32Next), ref: 00E3F05C
                                      • GetProcAddress.KERNEL32(00000000), ref: 00E3F05F
                                        • Part of subcall function 00E3F155: __EH_prolog3_GS.LIBCMT ref: 00E3F15F
                                        • Part of subcall function 00E3F155: GetModuleHandleW.KERNEL32(Ntdll.dll,NtQueryInformationProcess,?,00000400,?,000004A0,00E3F143,00000000), ref: 00E3F18F
                                        • Part of subcall function 00E3F155: GetProcAddress.KERNEL32(00000000), ref: 00E3F196
                                        • Part of subcall function 00E3F155: OpenProcess.KERNEL32(00000400,00000000,?), ref: 00E3F1C2
                                        • Part of subcall function 00E3F155: _wcslen.LIBCMT ref: 00E3F23A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: AddressHandleModuleProc$H_prolog3_$OpenProcess_wcslen
                                      • String ID: CreateToolhelp32Snapshot$Kernel32.dll$Process32First$Process32Next$kernel32.dll
                                      • API String ID: 537049467-1872946363
                                      • Opcode ID: cdc940a3c4066c73f74414893b1e5c27a4bcabb1258679ecee6b19566d8ca969
                                      • Instruction ID: 63f1e9aedca79dfd66e9c3d6619cc15989bc85dcb5514220ba4d1b09c11cb109
                                      • Opcode Fuzzy Hash: cdc940a3c4066c73f74414893b1e5c27a4bcabb1258679ecee6b19566d8ca969
                                      • Instruction Fuzzy Hash: D9312A71901219EEDF20EBA1DC8DBEEBBB8AF44304F5011A5E509B3182DF749A45CB61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00E0E8BA
                                      • GetLastError.KERNEL32(?), ref: 00E0E8CD
                                      • WriteFile.KERNEL32(00000000,00000000,00002800,?,00000000,?,?,00000000,00002800), ref: 00E0E97E
                                      • GetLastError.KERNEL32 ref: 00E0E988
                                      • GetLastError.KERNEL32 ref: 00E0E9C4
                                      • CloseHandle.KERNEL32(00000000,?,?,00000000,00002800), ref: 00E0EA67
                                      • __EH_prolog3_catch_GS.LIBCMT ref: 00E0EAAB
                                      • GetTempPathW.KERNEL32(00000104,00000000,?,00000104), ref: 00E0EBE8
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$File$CloseCreateH_prolog3_catch_HandlePathTempWrite
                                      • String ID: C:\CodeBases\isdev\Src\Runtime\MSI\Shared\Setup\msiaction.cpp$Error opening MSI database: %d$Failed to query Binary table, error: %d$SELECT * FROM `Binary`
                                      • API String ID: 1639436620-3636202701
                                      • Opcode ID: 317e7c3af4bb8a912a1b95d65c22d9d1819409d8ac00ee047a7f2f3a91df5c4c
                                      • Instruction ID: 02c09e09d7c26567d6b2952e7a87208bfd41778ef46f58322ad28844b7553436
                                      • Opcode Fuzzy Hash: 317e7c3af4bb8a912a1b95d65c22d9d1819409d8ac00ee047a7f2f3a91df5c4c
                                      • Instruction Fuzzy Hash: 04E18C70901258DEEB24EB64CD49BEDBBB4AF05304F1494EAE509B72C2DB705E88CF61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetDlgItem.USER32(?,0000040B), ref: 00E0076C
                                        • Part of subcall function 00E0066D: __EH_prolog3.LIBCMT ref: 00E00674
                                        • Part of subcall function 00DE77F0: GetLastError.KERNEL32(7B1078F4,?,00000000), ref: 00DE7834
                                        • Part of subcall function 00DE77F0: SetLastError.KERNEL32(00000000,?,?,00000000), ref: 00DE7906
                                        • Part of subcall function 00E2EE7C: __EH_prolog3_GS.LIBCMT ref: 00E2EE86
                                        • Part of subcall function 00E0101A: __EH_prolog3.LIBCMT ref: 00E01021
                                        • Part of subcall function 00E3C4A5: __EH_prolog3_GS.LIBCMT ref: 00E3C4AF
                                        • Part of subcall function 00DF0809: __EH_prolog3.LIBCMT ref: 00DF0810
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                        • Part of subcall function 00E3C4A5: GetLastError.KERNEL32 ref: 00E3C620
                                        • Part of subcall function 00E3C4A5: __EH_prolog3_catch_GS.LIBCMT ref: 00E3C69A
                                        • Part of subcall function 00E033E8: __EH_prolog3_GS.LIBCMT ref: 00E033F2
                                        • Part of subcall function 00E033E8: IsWindow.USER32(?), ref: 00E0340E
                                        • Part of subcall function 00E033E8: SendMessageW.USER32(?,00001074,?,?), ref: 00E034B8
                                        • Part of subcall function 00E033E8: SendMessageW.USER32(?,0000101E,00000000,000000FE), ref: 00E034C7
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3H_prolog3_$FreeMessageSendString$H_prolog3_catch_ItemWindow
                                      • String ID: %s.%s$Hg$Hg$Hg$Hg$ISSetupPrerequisites$Pg$Pg$Ph}$1B$W'
                                      • API String ID: 1898222327-1817210592
                                      • Opcode ID: 74ed120b8c98fa1506625ff4a14b54f907a9edd00320c963e5afd7d3aa91002e
                                      • Instruction ID: fe71e4a044089eb4296c9d1222638172b415cb20fca5f1d68a82014adafe4c90
                                      • Opcode Fuzzy Hash: 74ed120b8c98fa1506625ff4a14b54f907a9edd00320c963e5afd7d3aa91002e
                                      • Instruction Fuzzy Hash: 48E18670801298DEEB25EBA4CD99BEDBBB4AF54304F5440D8E10977292DB706F88CF61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • FindClose.KERNEL32(00000000), ref: 00E3D268
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      • __EH_prolog3_GS.LIBCMT ref: 00E3CF7C
                                        • Part of subcall function 00DF0617: __EH_prolog3.LIBCMT ref: 00DF061E
                                        • Part of subcall function 00DF0617: GetLastError.KERNEL32(00000004,00DF0837,?,00000000,00000004,00DFB8B4,?,00000001,0000006C,00DFC2A9,?,?,.ini,Hg,%ld,?), ref: 00DF0640
                                        • Part of subcall function 00DF0617: SetLastError.KERNEL32(?,?), ref: 00DF0678
                                        • Part of subcall function 00E3C4A5: __EH_prolog3_GS.LIBCMT ref: 00E3C4AF
                                        • Part of subcall function 00DFBA06: __EH_prolog3.LIBCMT ref: 00DFBA0D
                                        • Part of subcall function 00E3CBE6: __EH_prolog3_GS.LIBCMT ref: 00E3CBF0
                                        • Part of subcall function 00E3CBE6: GetModuleHandleW.KERNEL32(kernel32.dll,FindFirstFileW,00000254,00E3D039,?,?), ref: 00E3CC0C
                                        • Part of subcall function 00E3CBE6: GetProcAddress.KERNEL32(00000000), ref: 00E3CC0F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3_$FreeH_prolog3String$AddressCloseFindHandleModuleProc
                                      • String ID: *.*$Hg$Hg$Hg$Hg$Pg$Pg$Pg$Pg$Pg
                                      • API String ID: 1242645803-2090559311
                                      • Opcode ID: f3e8ec8f090df9759d80b4e0fc961d113d227bdc2d51d3a09f81da72e4b13936
                                      • Instruction ID: 1249d0ea6f2620e65dc9266f6e30ea0483810ea2bb1736c86c1b244c2dc2bd4b
                                      • Opcode Fuzzy Hash: f3e8ec8f090df9759d80b4e0fc961d113d227bdc2d51d3a09f81da72e4b13936
                                      • Instruction Fuzzy Hash: D2D1477080425C9BDF21EF64DD4ABEDBBB8AF56308F50418AE408B7282DB715E85CF61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • BitBlt.GDI32(?,?,00E47F08,6A00E850,EC858D25,00000000,00000000,00000000,00CC0020), ref: 00E4DDA6
                                      • PlayMetaFile.GDI32(?,?), ref: 00E4DE09
                                      • DeleteDC.GDI32(00000000), ref: 00E4DE10
                                      • RestoreDC.GDI32(?,?), ref: 00E4DE1A
                                      • GetClientRect.USER32(?,?), ref: 00E4DE40
                                      • BitBlt.GDI32(?,00000000,00000000,6A00E850,EC858D25,00000000,00000000,00000000,00CC0020), ref: 00E4DE61
                                      • GetTickCount.KERNEL32 ref: 00E4E470
                                      • BitBlt.GDI32(?,?,?,?,00000001,?,?,?,00CC0020), ref: 00E4E4C7
                                      • BitBlt.GDI32(?,?,?,00000001,?,?,?,?,00CC0020), ref: 00E4E4F2
                                      • BitBlt.GDI32(?,?,?,?,00000001,?,?,?,00CC0020), ref: 00E4E524
                                      • BitBlt.GDI32(?,?,?,00000001,?,?,?,?,00CC0020), ref: 00E4E556
                                      • BitBlt.GDI32(?,?,?,?,00000001,?,?,00000001,00CC0020), ref: 00E4E5C5
                                      • BitBlt.GDI32(?,?,?,00000001,?,?,?,00000001,00CC0020), ref: 00E4E5FF
                                      • BitBlt.GDI32(?,?,?,?,00000001,?,?,?,00CC0020), ref: 00E4E63E
                                      • BitBlt.GDI32(?,?,?,00000001,?,?,?,00000001,00CC0020), ref: 00E4E67D
                                      • GetTickCount.KERNEL32 ref: 00E4E6A6
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: CountTick$ClientDeleteFileMetaPlayRectRestore
                                      • String ID:
                                      • API String ID: 310222626-0
                                      • Opcode ID: 65f94db56f97f2c217f87d032ef3a2c2e1ee8d4453efe4f348e773e36ed12c44
                                      • Instruction ID: a8d285ce15607c1e197f5879672fd6d61b98508cb84bdc405e8abe15c065042a
                                      • Opcode Fuzzy Hash: 65f94db56f97f2c217f87d032ef3a2c2e1ee8d4453efe4f348e773e36ed12c44
                                      • Instruction Fuzzy Hash: D0B1D1B1E00209AFDB04CF99EC85EAEBBB9EF89314F244129F405F7250D771AD418B64
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E1E01A
                                      • _wcslen.LIBCMT ref: 00E1E03A
                                        • Part of subcall function 00E1F473: __EH_prolog3.LIBCMT ref: 00E1F47A
                                        • Part of subcall function 00E088F0: __EH_prolog3_GS.LIBCMT ref: 00E088FA
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                        • Part of subcall function 00E2062E: __EH_prolog3.LIBCMT ref: 00E20635
                                      • _wcslen.LIBCMT ref: 00E1E0C0
                                      • _wcslen.LIBCMT ref: 00E1E149
                                      • _wcslen.LIBCMT ref: 00E1E1BA
                                      • _wcslen.LIBCMT ref: 00E1E221
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: _wcslen$ErrorFreeH_prolog3H_prolog3_LastString
                                      • String ID: /Q$ /l$ /unc$/p"$Hg$Pg
                                      • API String ID: 2803592896-2101766009
                                      • Opcode ID: 321ffb39b44923b49dff0a5831327145d8dae15d2c965b6ee8a066906a292a12
                                      • Instruction ID: 4554e550b9755bbb0fd26e4e5930e804f1f8a6187984ff2bcdd2fcbc83886547
                                      • Opcode Fuzzy Hash: 321ffb39b44923b49dff0a5831327145d8dae15d2c965b6ee8a066906a292a12
                                      • Instruction Fuzzy Hash: 67519D71901118AADB14F764DD56AFEB7A8FF41300F1482A9E649B7282DF705F84CBB1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E34BF3
                                      • GetObjectW.GDI32(?,00000018,?), ref: 00E34C05
                                      • CreateCompatibleDC.GDI32(00000000), ref: 00E34C28
                                      • SelectObject.GDI32(00000000,?), ref: 00E34C38
                                      • GetDIBColorTable.GDI32(00000000,00000000,00000100,?), ref: 00E34C4D
                                      • GlobalAlloc.KERNEL32(00000042,00000408), ref: 00E34C5C
                                      • GlobalLock.KERNEL32(00000000), ref: 00E34C6C
                                      • GetSystemPaletteEntries.GDI32(?,00000000,0000000A,00000004), ref: 00E34D01
                                      • GetSystemPaletteEntries.GDI32(?,000000F6,0000000A,000003DC), ref: 00E34D16
                                      • CreatePalette.GDI32(00000000), ref: 00E34D1D
                                      • DeleteDC.GDI32(?), ref: 00E34D29
                                      • GetDC.USER32(00000000), ref: 00E34D40
                                      • CreateHalftonePalette.GDI32(00000000), ref: 00E34D49
                                      • ReleaseDC.USER32(00000000,00000000), ref: 00E34D56
                                      Similarity
                                      • API ID: Palette$Create$EntriesGlobalObjectSystem$AllocColorCompatibleDeleteH_prolog3_HalftoneLockReleaseSelectTable
                                      • String ID:
                                      • API String ID: 447354755-0
                                      • Opcode ID: 0a04d82774dfff1df13463525014a6f35864bdce7d2c5499267122c546cf07ab
                                      • Instruction ID: b2e019aac9881ed5b6a1b259d43be485cdc2058b3913a0310a126cceb9552a16
                                      • Opcode Fuzzy Hash: 0a04d82774dfff1df13463525014a6f35864bdce7d2c5499267122c546cf07ab
                                      • Instruction Fuzzy Hash: 13413BB15002889FC7118F61DC4CAEEBFB8EF59304F1480A9F64EB7291CB705A89CB65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetClientRect.USER32(E4B4E068,?), ref: 00E4E74C
                                      • MulDiv.KERNEL32(?,?,000186A0), ref: 00E4E772
                                      • MulDiv.KERNEL32(?,?,000186A0), ref: 00E4E788
                                      • MulDiv.KERNEL32(?,?,000186A0), ref: 00E4E91E
                                      • MulDiv.KERNEL32(?,?,000186A0), ref: 00E4E932
                                      • GdipCreateFromHDC.GDIPLUS(?,00000000,0008C25D,00E4CC44,0008C25D,?,?,?,?,?,?,?), ref: 00E4E9AA
                                      • GdipSetInterpolationMode.GDIPLUS(00000000,00000007,?,00000000,0008C25D,00E4CC44,0008C25D,?,?,?,?,?,?,?), ref: 00E4E9B8
                                      • GdipDrawImageRectI.GDIPLUS(?,00000000,?,?,?,00000000,00000000,00000007,?,00000000,0008C25D,00E4CC44,0008C25D,?,?,?), ref: 00E4E9D5
                                      • GdipDeleteGraphics.GDIPLUS(?,?,00000000,?,?,?,00000000,00000000,00000007,?,00000000,0008C25D,00E4CC44,0008C25D,?,?), ref: 00E4E9DB
                                      Similarity
                                      • API ID: Gdip$Rect$ClientCreateDeleteDrawFromGraphicsImageInterpolationMode
                                      • String ID:
                                      • API String ID: 2842912273-0
                                      • Opcode ID: 58dac87eda2576fadcaf770c73052af3717cb93a3232cbe1bba8869d0da469ad
                                      • Instruction ID: fd80e0dd52053b4744c23f8eb39f410bde696b802142c431d7145106ef3ee428
                                      • Opcode Fuzzy Hash: 58dac87eda2576fadcaf770c73052af3717cb93a3232cbe1bba8869d0da469ad
                                      • Instruction Fuzzy Hash: D8A1E172D002199FCF14CFA8D985AEEBBF5BF88304F285169E904B7395D775A940CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • ___free_lconv_mon.LIBCMT ref: 00E6373B
                                        • Part of subcall function 00E63271: _free.LIBCMT ref: 00E6328E
                                        • Part of subcall function 00E63271: _free.LIBCMT ref: 00E632A0
                                        • Part of subcall function 00E63271: _free.LIBCMT ref: 00E632B2
                                        • Part of subcall function 00E63271: _free.LIBCMT ref: 00E632C4
                                        • Part of subcall function 00E63271: _free.LIBCMT ref: 00E632D6
                                        • Part of subcall function 00E63271: _free.LIBCMT ref: 00E632E8
                                        • Part of subcall function 00E63271: _free.LIBCMT ref: 00E632FA
                                        • Part of subcall function 00E63271: _free.LIBCMT ref: 00E6330C
                                        • Part of subcall function 00E63271: _free.LIBCMT ref: 00E6331E
                                        • Part of subcall function 00E63271: _free.LIBCMT ref: 00E63330
                                        • Part of subcall function 00E63271: _free.LIBCMT ref: 00E63342
                                        • Part of subcall function 00E63271: _free.LIBCMT ref: 00E63354
                                        • Part of subcall function 00E63271: _free.LIBCMT ref: 00E63366
                                      • _free.LIBCMT ref: 00E63730
                                        • Part of subcall function 00E5FB45: HeapFree.KERNEL32(00000000,00000000,?,00E63406,?,00000000,?,00000000,?,00E6342D,?,00000007,?,?,00E6388F,?), ref: 00E5FB5B
                                        • Part of subcall function 00E5FB45: GetLastError.KERNEL32(?,?,00E63406,?,00000000,?,00000000,?,00E6342D,?,00000007,?,?,00E6388F,?,?), ref: 00E5FB6D
                                      • _free.LIBCMT ref: 00E63752
                                      • _free.LIBCMT ref: 00E63767
                                      • _free.LIBCMT ref: 00E63772
                                      • _free.LIBCMT ref: 00E63794
                                      • _free.LIBCMT ref: 00E637A7
                                      • _free.LIBCMT ref: 00E637B5
                                      • _free.LIBCMT ref: 00E637C0
                                      • _free.LIBCMT ref: 00E637F8
                                      • _free.LIBCMT ref: 00E637FF
                                      • _free.LIBCMT ref: 00E6381C
                                      • _free.LIBCMT ref: 00E63834
                                      Similarity
                                      • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                      • String ID:
                                      • API String ID: 161543041-0
                                      • Opcode ID: 0379796a3f6b69fcd9a549b0d4f7ef85fcafd1716e513de595ffb077782c8777
                                      • Instruction ID: 1a42a5effb1c4f3b485747645a940599a9e1b8b1e5f308b6227c92c980098d73
                                      • Opcode Fuzzy Hash: 0379796a3f6b69fcd9a549b0d4f7ef85fcafd1716e513de595ffb077782c8777
                                      • Instruction Fuzzy Hash: 543190B1640701DFDB61AA39E949B96B7E9EF01395F10682AF448F7191DF70BE848710
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E36E85
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                        • Part of subcall function 00DE6B40: GetLastError.KERNEL32(7B1078F4), ref: 00DE6B91
                                        • Part of subcall function 00DE6B40: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE6C0A
                                        • Part of subcall function 00E202A8: __EH_prolog3_GS.LIBCMT ref: 00E202AF
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      • RegCloseKey.ADVAPI32(?,?,Hg,00000000,0000000A,?,Hg,00000000,0000000A,00000078,00E36E67,?,?), ref: 00E37086
                                      • RegCloseKey.ADVAPI32(00000000,?,Hg,00000000,0000000A,?,Hg,00000000,0000000A,00000078,00E36E67,?,?), ref: 00E370AC
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$CloseFreeH_prolog3_String
                                      • String ID: 1.20.1827.0$CSDVersion$Hg$Hg$MajorVer$Pg$ServicePack$System\CurrentControlSet\Control\Windows
                                      • API String ID: 3979909705-911548569
                                      • Opcode ID: fb5b17e8c889e7f7d9f694bd8fa1fa1bdab5beef1684a6dc419bbccca35dfa89
                                      • Instruction ID: 46541d46a10f05b4f6799881d3f91d63dc676fca76c89ea324e21c15e3d5c8dd
                                      • Opcode Fuzzy Hash: fb5b17e8c889e7f7d9f694bd8fa1fa1bdab5beef1684a6dc419bbccca35dfa89
                                      • Instruction Fuzzy Hash: DA614A71D04218EBDF24EFA0C989BDDBBB4FB04314F20526AE505B7292DB705A09DF61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E0706B
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                        • Part of subcall function 00E2050D: __EH_prolog3_GS.LIBCMT ref: 00E20517
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                        • Part of subcall function 00E202A8: __EH_prolog3_GS.LIBCMT ref: 00E202AF
                                        • Part of subcall function 00E06F26: __EH_prolog3_GS.LIBCMT ref: 00E06F30
                                      Strings
                                      Similarity
                                      • API ID: ErrorH_prolog3_Last$FreeString
                                      • String ID: CustomRetCode$CustomRetCodeOnAbort$CustomRetCodeOnFail$CustomRetCodeOnSuccess$Hg$Hg$Pg$Pg$ScriptDriven$Startup
                                      • API String ID: 529395258-2843054213
                                      • Opcode ID: 60560c5e62763f91c4cc44b55146bbe8487933b6eba3c1f7700cd8b745d72383
                                      • Instruction ID: 015888aa7d9d0cb5773fd4fd6afa0dc35d2831423bec949f75ab9ac8ea788644
                                      • Opcode Fuzzy Hash: 60560c5e62763f91c4cc44b55146bbe8487933b6eba3c1f7700cd8b745d72383
                                      • Instruction Fuzzy Hash: 06516070904219DFDB10EFE0C986AEDB7B8FF45348F60125AE055B32D1E7706A49CBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E38385
                                        • Part of subcall function 00DFF6FA: __EH_prolog3.LIBCMT ref: 00DFF701
                                      • ShellExecuteExW.SHELL32(0000003C), ref: 00E38441
                                      • WaitForSingleObject.KERNEL32(?,00000000), ref: 00E384C1
                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E384D6
                                      • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00E384F0
                                      • GetExitCodeProcess.KERNEL32(?,CCCCCCCC), ref: 00E3850B
                                      • CloseHandle.KERNEL32(?), ref: 00E38522
                                        • Part of subcall function 00E03ECA: __EH_prolog3_GS.LIBCMT ref: 00E03ED4
                                        • Part of subcall function 00E03ECA: GetVersionExW.KERNEL32(?,00000184,00E033D9,00000000,?,?,00000010,00E02DB2,?,?), ref: 00E03F02
                                      Strings
                                      Similarity
                                      • API ID: H_prolog3_Wait$CloseCodeExecuteExitH_prolog3HandleMessageMultipleObjectObjectsPeekProcessShellSingleVersion
                                      • String ID: <$@
                                      • API String ID: 3294370939-1426351568
                                      • Opcode ID: fa089e005c5292cabf373e09e7cc9c63cb82c5a89ba9a2281c5f01c617fbb47f
                                      • Instruction ID: 74192372aa81dbbed17c8e61123bcd83edb69dd02877732eade0f846ae1eb91e
                                      • Opcode Fuzzy Hash: fa089e005c5292cabf373e09e7cc9c63cb82c5a89ba9a2281c5f01c617fbb47f
                                      • Instruction Fuzzy Hash: 6651E0B190032ADFDB61DF65DD88BE9BAB8BB04315F1041EAE529B2250DB709E84CF50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32(7B1078F4,?,?,00000001), ref: 00E4C1B2
                                      • SetLastError.KERNEL32(00E96750), ref: 00E4C1E9
                                        • Part of subcall function 00DE77F0: GetLastError.KERNEL32(7B1078F4,?,00000000), ref: 00DE7834
                                        • Part of subcall function 00DE77F0: SetLastError.KERNEL32(00000000,?,?,00000000), ref: 00DE7906
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast
                                      • String ID: Hg$Hg$Hg$Hg$Pg$Pg$Pg$Pg
                                      • API String ID: 1452528299-3076760023
                                      • Opcode ID: 66799bc854b6fc72ce2ffb0d779227366aa0600bc5f2818b19d763ab5d48a44b
                                      • Instruction ID: be8e91a178dfa01cb8833958f52ff1e837389482ce623437f1ede7918b2464b7
                                      • Opcode Fuzzy Hash: 66799bc854b6fc72ce2ffb0d779227366aa0600bc5f2818b19d763ab5d48a44b
                                      • Instruction Fuzzy Hash: 5951FF71E016589FCF54DFA9E885B9DBBF4FB09308F60516AE419B3290EB705A48CF60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00DFE946
                                      • GetProcAddress.KERNEL32(?,RunISMSISetup), ref: 00DFE95E
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                      • GetModuleFileNameW.KERNEL32(00000000,00000400,?,00000000), ref: 00DFE9DF
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$AddressFileH_prolog3_ModuleNameProc
                                      • String ID: Hg$Pg$Pg$ProductCode$RunISMSISetup$Startup$setup.ini
                                      • API String ID: 3111802541-2098737308
                                      • Opcode ID: 4b44dbb641c71fb18465caa3c5300750bbee60920abeb8dcdf5d0eb79390cce5
                                      • Instruction ID: e72d20b0d3c0df6464574ec3d33775d9f79ebfdee10bbfbac437cbc14ab69b2d
                                      • Opcode Fuzzy Hash: 4b44dbb641c71fb18465caa3c5300750bbee60920abeb8dcdf5d0eb79390cce5
                                      • Instruction Fuzzy Hash: BF915B318112A8DFDB25EBA4CC85BDDBBB4AF15304F5041D9E149B7292DBB05B48CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E16BA6
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                        • Part of subcall function 00DE77F0: GetLastError.KERNEL32(7B1078F4,?,00000000), ref: 00DE7834
                                        • Part of subcall function 00DE77F0: SetLastError.KERNEL32(00000000,?,?,00000000), ref: 00DE7906
                                        • Part of subcall function 00E0A0E7: __EH_prolog3_catch.LIBCMT ref: 00E0A0EE
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3_H_prolog3_catch
                                      • String ID: /n %s$:InstanceId%d.mst$Hg$Hg$Hg$MSINEWINSTANCE=1$Pg$Pg$Pg
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00E0F700
                                        • Part of subcall function 00DE8330: SysFreeString.OLEAUT32(?), ref: 00DE8344
                                      • GetErrorInfo.OLEAUT32(00000000,00000000,00000024,00E0AC27,?,00000001,?,00000001,00000008,00E0C903,00000000), ref: 00E0F736
                                      • _wcslen.LIBCMT ref: 00E0F7A6
                                      • CLSIDFromProgID.OLE32(?,00000000,00000000,00000000), ref: 00E0F84B
                                      • _wcslen.LIBCMT ref: 00E0F82B
                                        • Part of subcall function 00DE8130: SysAllocStringLen.OLEAUT32(00000000,?), ref: 00DE81BE
                                        • Part of subcall function 00DE8130: SysFreeString.OLEAUT32(?), ref: 00DE81EE
                                      • FormatMessageW.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000), ref: 00E0F875
                                      • _wcslen.LIBCMT ref: 00E0F894
                                      • LocalFree.KERNEL32(00000000,00E965D4,00000000), ref: 00E0F8A7
                                      • _wcslen.LIBCMT ref: 00E0F8B5
                                        • Part of subcall function 00DE7930: SysStringLen.OLEAUT32(00000000), ref: 00DE793A
                                        • Part of subcall function 00DE7930: SysReAllocStringLen.OLEAUT32(00000000,00000009,00000008), ref: 00DE7955
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: String$_wcslen$Free$Alloc$ErrorFormatFromH_prolog3InfoLocalMessageProg
                                      • String ID: Unknown error
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00DF4B00
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                      • GetWindowsDirectoryW.KERNEL32(00000000,00000104,?,00000000), ref: 00DF4B7D
                                      • GetWindowsDirectoryW.KERNEL32(00000000,00000104,?,00000000), ref: 00DF4C23
                                      • GetSystemDirectoryW.KERNEL32(00000000,00000104), ref: 00DF4CC8
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: Directory$ErrorLastWindows$H_prolog3_System
                                      • String ID: @o$Hg$Ho$Pg$sysnative$syswow64
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00E43607
                                      • SetLastError.KERNEL32(00002EE6,?,00000000,00000001), ref: 00E43673
                                      • lstrcmpiW.KERNEL32(?,?,?,00000000,00000001), ref: 00E436E3
                                      • lstrlenW.KERNEL32(?), ref: 00E4371C
                                      • lstrcpyW.KERNEL32(00000000,?), ref: 00E43742
                                      • lstrlenW.KERNEL32(?,?,00000000,00000001), ref: 00E4374B
                                      • lstrcpyW.KERNEL32(00000000,?), ref: 00E43773
                                      • lstrcatW.KERNEL32(?,?), ref: 00E43784
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: lstrcpylstrlen$ErrorH_prolog3Lastlstrcatlstrcmpi
                                      • String ID: <$GET
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32(?,00E442C1,?,00000000,?,00000001,Ho,00E1CBBB,?,000000FF,00000000,0000008C,?,00EAD838,00E86F40,00000001), ref: 00E44192
                                      • wsprintfW.USER32 ref: 00E441C6
                                      • lstrcatW.KERNEL32(?,?), ref: 00E441DA
                                      • ResetEvent.KERNEL32(?,00000002,?,00E442C1,?,00000000,?,00000001,Ho,00E1CBBB,?,000000FF,00000000,0000008C,?,00EAD838), ref: 00E441E9
                                      • GetLastError.KERNEL32(?,00E442C1,?,00000000,?,00000001,Ho,00E1CBBB,?,000000FF,00000000,0000008C,?,00EAD838,00E86F40,00000001), ref: 00E441F5
                                      • _wcslen.LIBCMT ref: 00E4421C
                                      • ResetEvent.KERNEL32(0000000E,00000002,?,00E442C1,?,00000000,?,00000001,Ho,00E1CBBB,?,000000FF,00000000,0000008C,?,00EAD838), ref: 00E44259
                                      • _wcslen.LIBCMT ref: 00E44264
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorEventLastReset_wcslen$lstrcatwsprintf
                                      • String ID: Range: bytes=%d-$Range: bytes=%d-
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00DFCDE7
                                      • DefWindowProcW.USER32(?,?,?,?,0000006C), ref: 00DFCE1B
                                      • GetWindowLongW.USER32(?,000000EB), ref: 00DFCE31
                                      • BeginPaint.USER32(?,?), ref: 00DFCE41
                                      • EndPaint.USER32(?,?,?,00000000,00000000,00000000,?), ref: 00DFCE6C
                                      • GetWindowLongW.USER32(?,000000EB), ref: 00DFCE7A
                                      • SetWindowLongW.USER32(?,000000EB,00000000), ref: 00DFCEC2
                                      • GetClientRect.USER32(?,?), ref: 00DFCECF
                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000256), ref: 00DFCF1D
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: Window$Long$Paint$BeginClientH_prolog3_ProcRect
                                      • String ID: GIF
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: _wcslen$H_prolog3_TextWindow
                                      • String ID: C:\CodeBases\isdev\Src\Runtime\Shared\Setup\SetupPreRequisite.cpp$Hg$Pg$PrereqEngine: $xn
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32(7B1078F4), ref: 00E4780E
                                      • SetLastError.KERNEL32(?), ref: 00E4784D
                                      • GetLastError.KERNEL32 ref: 00E4787A
                                      • SetLastError.KERNEL32(Pg), ref: 00E478B2
                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00E9672E,00000000,00000000,00000000), ref: 00E478D3
                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 00E4791E
                                      • SetLastError.KERNEL32(00E96748), ref: 00E4792E
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$ByteCharMultiWide
                                      • String ID: .g$Hg$Pg$Pg
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                        • Part of subcall function 00E0CD67: _wcslen.LIBCMT ref: 00E0CD82
                                      • SendMessageW.USER32(?,00000401,00000000,00000001), ref: 00E0D18C
                                        • Part of subcall function 00E378E3: __EH_prolog3_GS.LIBCMT ref: 00E378ED
                                        • Part of subcall function 00E378E3: wsprintfW.USER32 ref: 00E3792F
                                        • Part of subcall function 00E378E3: wvsprintfW.USER32(?,?,?), ref: 00E3794A
                                        • Part of subcall function 00E0A824: __EH_prolog3_GS.LIBCMT ref: 00E0A82B
                                        • Part of subcall function 00E0A824: _wcslen.LIBCMT ref: 00E0A86F
                                        • Part of subcall function 00E0A824: SetLastError.KERNEL32(00000000,00000000,00000000,?,?,?,?,00000000,?,?,00000001), ref: 00E0A88C
                                        • Part of subcall function 00DFC203: __EH_prolog3_GS.LIBCMT ref: 00DFC20D
                                      • lstrcmpW.KERNEL32(?,00E965D4,?,?), ref: 00E0D655
                                      • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 00E0D6E4
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: H_prolog3_$MessageSend_wcslen$ErrorLastlstrcmpwsprintfwvsprintf
                                      • String ID: C:\CodeBases\isdev\Src\Runtime\MSI\Shared\Setup\msiaction.cpp$C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}$DownloadFiles: %s$DownloadFiles: downloading %s$Hg$Pg
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32(7B1078F4,?), ref: 00E4EB4B
                                      • SetLastError.KERNEL32(00E8CFA4,00E965D4,00E965D2), ref: 00E4EBB8
                                      • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,000000FF,000000FF,00000001,?,?,000000FF,000000FF,00000001), ref: 00E4EE19
                                      • GetFileSize.KERNEL32(00000000,?), ref: 00E4EE3C
                                      • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?), ref: 00E4EE79
                                      • CloseHandle.KERNEL32(00000000), ref: 00E4EF4C
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: File$ErrorLast$CloseCreateHandleReadSize
                                      • String ID: .bmp$.dll$.wmf
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                        • Part of subcall function 00E3D8F9: __EH_prolog3_GS.LIBCMT ref: 00E3D903
                                        • Part of subcall function 00E3D8F9: AllocateAndInitializeSid.ADVAPI32(?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0000014C,00E0EC27), ref: 00E3D965
                                        • Part of subcall function 00E3D8F9: FreeSid.ADVAPI32(00000000), ref: 00E3DCAD
                                        • Part of subcall function 00E3D8F9: FreeSid.ADVAPI32(?), ref: 00E3DCC8
                                        • Part of subcall function 00E3D8F9: FreeSid.ADVAPI32(00000000), ref: 00E3DCE3
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      • GetTempPathW.KERNEL32(00000104,00000000,?,00000104,00000000,00000001,00000000,00000001,?,ISSetup.dll,00000000,00000001,00000000,00000001,00000000,?), ref: 00E0EF86
                                        • Part of subcall function 00DF132B: GetLastError.KERNEL32(7B1078F4,00000001,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00E6A2C4), ref: 00DF1358
                                        • Part of subcall function 00DF132B: _wcslen.LIBCMT ref: 00DF1380
                                        • Part of subcall function 00DF132B: SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00E6A2C4,000000FF), ref: 00DF13C9
                                        • Part of subcall function 00DFC824: __EH_prolog3.LIBCMT ref: 00DFC82B
                                        • Part of subcall function 00DF40BE: SysStringLen.OLEAUT32(?), ref: 00DF40C7
                                        • Part of subcall function 00DF40BE: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 00DF40E2
                                      • GetTempFileNameW.KERNEL32(?,iss,00000000,00000000,?,00000104), ref: 00E0EFD7
                                        • Part of subcall function 00E0E865: CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00E0E8BA
                                        • Part of subcall function 00E0E865: GetLastError.KERNEL32(?), ref: 00E0E8CD
                                      • DeleteFileW.KERNEL32(?,?), ref: 00E0F029
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorFreeLast$String$File$Temp$AllocAllocateCreateDeleteH_prolog3H_prolog3_InitializeNamePath_wcslen
                                      • String ID: C:\CodeBases\isdev\Src\Runtime\MSI\Shared\Setup\msiaction.cpp$Failed to execute query on Binary table, error: %d$Failed to query Binary table, error: %d$ISSetup.dll$SELECT * FROM `Binary`$iss
                                      • API String ID: 3750608298-2411732128
                                      • Opcode ID: 4095f41c40b75069bc46d00eacebf6d9cd80a44dbc9123d84ab91fe8a56ac0f5
                                      • Instruction ID: 3da209e951ff3dfe33dfda15a17eed8f52789383e0c2890a49beb8dba8d2004e
                                      • Opcode Fuzzy Hash: 4095f41c40b75069bc46d00eacebf6d9cd80a44dbc9123d84ab91fe8a56ac0f5
                                      • Instruction Fuzzy Hash: 9ED14970801298DADB21EBA4CD49BEDBBB4AF11304F1485E9E14A77292DB701F88DF61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E3E5FF
                                      • CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000000,?,00EBEED0,00E3F710,?,00000000), ref: 00E3E71A
                                      • GetLastError.KERNEL32 ref: 00E3E735
                                      • ShellExecuteExW.SHELL32(?), ref: 00E3E863
                                      • WaitForInputIdle.USER32(?,000003E8), ref: 00E3E8D9
                                      • GetExitCodeProcess.KERNEL32(?,00EBEECC), ref: 00E3E8FD
                                      • GetLastError.KERNEL32 ref: 00E3E907
                                        • Part of subcall function 00E088F0: __EH_prolog3_GS.LIBCMT ref: 00E088FA
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                        • Part of subcall function 00DFB88D: __EH_prolog3_GS.LIBCMT ref: 00DFB894
                                        • Part of subcall function 00DFB88D: _wcslen.LIBCMT ref: 00DFB8BE
                                        • Part of subcall function 00E04CBF: __EH_prolog3_GS.LIBCMT ref: 00E04CC6
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorH_prolog3_Last$FreeProcessString$CodeCreateExecuteExitIdleInputShellWait_wcslen
                                      • String ID: Pg$P
                                      • API String ID: 1423594786-2556992382
                                      • Opcode ID: 4ef7e5e482dde00f0f3c1fe669ca79c43c969e608b48d7455e1a9ab246dca469
                                      • Instruction ID: 7a1d2b84b953ae776aeea876f7e06cc0a561380f768e530f3fda4b38e768b389
                                      • Opcode Fuzzy Hash: 4ef7e5e482dde00f0f3c1fe669ca79c43c969e608b48d7455e1a9ab246dca469
                                      • Instruction Fuzzy Hash: DAA15E71C00248DFDB20EFA5C885BDE7BB8FF55304F50915AE919A7391EB709A48CBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E2E9FE
                                      • RegOpenKeyExW.ADVAPI32(80000002,SYSTEM\CurrentControlSet\Control\Session Manager\Environment,00000000,00020019,?,000000BC,00E2F759,?,Hg), ref: 00E2EA3E
                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000001), ref: 00E2ECF4
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                      • RegEnumValueW.ADVAPI32(?,00000000,00000000,?,00000000,?,00000400,?,?,00000001,?,00000000), ref: 00E2EB34
                                      • RegEnumValueW.ADVAPI32(?,?,00000400,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?), ref: 00E2EBF9
                                      • RegCloseKey.ADVAPI32(?,?,00000001,?,?,?,?,?,?,?,?,00000001), ref: 00E2EC9C
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$CloseEnumFreeStringValue$H_prolog3_Open
                                      • String ID: Hg$Pg$SYSTEM\CurrentControlSet\Control\Session Manager\Environment
                                      • API String ID: 682260877-1512747609
                                      • Opcode ID: 274cce0ff5033fe8ff72ee377196a086063af7da207d137de7fddb322638a794
                                      • Instruction ID: c6611a01b7e7cfa91617f8734a51af2024769ab44319acfa6c644f1df9f2c2cd
                                      • Opcode Fuzzy Hash: 274cce0ff5033fe8ff72ee377196a086063af7da207d137de7fddb322638a794
                                      • Instruction Fuzzy Hash: 5DA11371C042A8DEDB24DBA5D885BDDBBB4FF15304F6440AEE109B3252DB701A88DFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E06C4E
                                        • Part of subcall function 00DF0809: __EH_prolog3.LIBCMT ref: 00DF0810
                                        • Part of subcall function 00E087BC: __EH_prolog3_GS.LIBCMT ref: 00E087C3
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                        • Part of subcall function 00DF099E: __EH_prolog3.LIBCMT ref: 00DF09A5
                                        • Part of subcall function 00DF070A: __EH_prolog3.LIBCMT ref: 00DF0711
                                        • Part of subcall function 00DF070A: GetLastError.KERNEL32(00000004,00DE4709,00E965D4,?,00000000), ref: 00DF0733
                                        • Part of subcall function 00DF070A: SetLastError.KERNEL32(?,?,?), ref: 00DF0774
                                        • Part of subcall function 00DFBA06: __EH_prolog3.LIBCMT ref: 00DFBA0D
                                        • Part of subcall function 00E3F954: __EH_prolog3_GS.LIBCMT ref: 00E3F95B
                                        • Part of subcall function 00E3F954: RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,Pg,?,00000000,0000005C,00E06D4E,?,-80000001,?,?), ref: 00E3F9D3
                                        • Part of subcall function 00E3F954: RegCloseKey.ADVAPI32(?,Hg,00000000,?,00000000,0000005C,00E06D4E,?,-80000001,?,?), ref: 00E3FA53
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                        • Part of subcall function 00DF5B9A: __EH_prolog3.LIBCMT ref: 00DF5BA1
                                        • Part of subcall function 00DF40BE: SysStringLen.OLEAUT32(?), ref: 00DF40C7
                                        • Part of subcall function 00DF40BE: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 00DF40E2
                                        • Part of subcall function 00DF678B: __EH_prolog3_GS.LIBCMT ref: 00DF6795
                                        • Part of subcall function 00DF678B: _wcslen.LIBCMT ref: 00DF67B7
                                        • Part of subcall function 00DF678B: _wcslen.LIBCMT ref: 00DF67EC
                                        • Part of subcall function 00DF678B: SysStringLen.OLEAUT32(?), ref: 00DF68BB
                                        • Part of subcall function 00DF678B: SysFreeString.OLEAUT32(?), ref: 00DF68CA
                                      • _wcslen.LIBCMT ref: 00E06E20
                                        • Part of subcall function 00DF3FA5: _wcslen.LIBCMT ref: 00DF3FCD
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLastString$H_prolog3$H_prolog3__wcslen$Free$AllocCloseQueryValue
                                      • String ID: 4q$Hg$Hg$Pg$Pg$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$UninstallString
                                      • API String ID: 2216820405-3416176432
                                      • Opcode ID: ab060c117c6785360037722a3cffdf540fb9dc5e07422e6bfa98853cba48f677
                                      • Instruction ID: 0792bad4707fe5861447b0cb40dc1fc75873846c2c89ed9bc74dfb5fbf1c70b5
                                      • Opcode Fuzzy Hash: ab060c117c6785360037722a3cffdf540fb9dc5e07422e6bfa98853cba48f677
                                      • Instruction Fuzzy Hash: F0818C30D0125CEEDB24EBA4CC86BEDBBB4AF55304F1480D9E549A7182DBB41F88CB61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E1EE9A
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                        • Part of subcall function 00DF40BE: SysStringLen.OLEAUT32(?), ref: 00DF40C7
                                        • Part of subcall function 00DF40BE: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 00DF40E2
                                        • Part of subcall function 00DF5B9A: __EH_prolog3.LIBCMT ref: 00DF5BA1
                                        • Part of subcall function 00DF678B: __EH_prolog3_GS.LIBCMT ref: 00DF6795
                                        • Part of subcall function 00DF678B: _wcslen.LIBCMT ref: 00DF67B7
                                        • Part of subcall function 00DF678B: _wcslen.LIBCMT ref: 00DF67EC
                                        • Part of subcall function 00DF678B: SysStringLen.OLEAUT32(?), ref: 00DF68BB
                                        • Part of subcall function 00DF678B: SysFreeString.OLEAUT32(?), ref: 00DF68CA
                                        • Part of subcall function 00DF678B: SysFreeString.OLEAUT32(?), ref: 00DF690F
                                      • _wcslen.LIBCMT ref: 00E1EFE2
                                        • Part of subcall function 00E088F0: __EH_prolog3_GS.LIBCMT ref: 00E088FA
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                        • Part of subcall function 00DF84B6: __EH_prolog3.LIBCMT ref: 00DF84BD
                                      • _wcslen.LIBCMT ref: 00E1F06E
                                        • Part of subcall function 00DE8130: SysAllocStringLen.OLEAUT32(00000000,?), ref: 00DE81BE
                                        • Part of subcall function 00DE8130: SysFreeString.OLEAUT32(?), ref: 00DE81EE
                                        • Part of subcall function 00E006A4: __EH_prolog3.LIBCMT ref: 00E006AB
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: String$Free$ErrorLast_wcslen$H_prolog3H_prolog3_$Alloc
                                      • String ID: Hg$IS_temp$Pg$eprq$runfromtemp$tempdisk1folder
                                      • API String ID: 3430136077-2071242443
                                      • Opcode ID: 143941abe5dbce1ba9c4af7b498ef8a4b3a7fd15e9d0f8fb807f684cebb9e43c
                                      • Instruction ID: 8b5113a723779d25306bcd5627cbeb60eaaf0739c33f26a56b0a3cd7b9a20817
                                      • Opcode Fuzzy Hash: 143941abe5dbce1ba9c4af7b498ef8a4b3a7fd15e9d0f8fb807f684cebb9e43c
                                      • Instruction Fuzzy Hash: B8711B71901258EEDB14EBA4CD91BEEB7B8AF55304F50809AE14977282DBB05F88CB71
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32(7B1078F4,?,00000000,?,?,?,?,?,?,?,?,00000000,00E697DD,000000FF,Pg,00DE513E), ref: 00DE6D32
                                      • SysFreeString.OLEAUT32(?), ref: 00DE6D48
                                      • SysFreeString.OLEAUT32(00DE513E), ref: 00DE6D57
                                      • SetLastError.KERNEL32(00E96748), ref: 00DE6D7B
                                      • GetLastError.KERNEL32(7B1078F4), ref: 00DE6DB4
                                      • SetLastError.KERNEL32(00E96750,00DE513C), ref: 00DE6E1F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$FreeString
                                      • String ID: Hg$Pg$Pg
                                      • API String ID: 2425351278-4254811255
                                      • Opcode ID: 4addc83ac05276e1b513a188c7dab5edb218a650668166dbcc4bce9df1d8fcc7
                                      • Instruction ID: 3057a3a8497126ecd404756d6ad84491920f8dc4cd06a81df94ae5154f4af485
                                      • Opcode Fuzzy Hash: 4addc83ac05276e1b513a188c7dab5edb218a650668166dbcc4bce9df1d8fcc7
                                      • Instruction Fuzzy Hash: 0C518C71A00288DFCF14EF66C848BAE7BF4FF14358F548619E819A7291DB34D949CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E0C935
                                        • Part of subcall function 00DE4B50: GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 00DE4B74
                                      • RegEnumValueW.ADVAPI32(?,00000000,?,00000208,00000000,?,00000000,00000000), ref: 00E0C9BA
                                      • RegCloseKey.ADVAPI32(?), ref: 00E0CA6E
                                      • RegEnumValueW.ADVAPI32(?,00000001,?,00000208,00000000,?,00000000,00000000), ref: 00E0CA9C
                                        • Part of subcall function 00E156B8: __EH_prolog3_GS.LIBCMT ref: 00E156C2
                                        • Part of subcall function 00E156B8: lstrcpyW.KERNEL32(?,-00000004), ref: 00E15743
                                        • Part of subcall function 00E156B8: lstrcatW.KERNEL32(?," /%), ref: 00E15764
                                        • Part of subcall function 00E156B8: lstrcatW.KERNEL32(?,00000000), ref: 00E15786
                                      • RegCloseKey.ADVAPI32(?,00000438,?,00EAA690,?,00000000), ref: 00E0CAB5
                                      • RegCloseKey.ADVAPI32(00000000,?,?), ref: 00E0CAE6
                                        • Part of subcall function 00DE4B50: GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 00DE4B92
                                        • Part of subcall function 00DE4B50: RegCloseKey.ADVAPI32(00000000), ref: 00DE4BDE
                                      Strings
                                      • SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\RunOnceEntries, xrefs: 00E0C962
                                      • Software\Microsoft\Windows\CurrentVersion\RunOnceEx, xrefs: 00E0CA25
                                      • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00E0C9EC
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: Close$EnumH_prolog3_Valuelstrcat$AddressHandleModuleProclstrcpy
                                      • String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\RunOnceEntries$Software\Microsoft\Windows\CurrentVersion\RunOnce$Software\Microsoft\Windows\CurrentVersion\RunOnceEx
                                      • API String ID: 3517147057-2087105512
                                      • Opcode ID: a649d52b84d783615ae8cf00e282a6b00196297a82814439342e0a24287ef9a5
                                      • Instruction ID: 1b23033215f1785b1fd6e5867482ecf6c452ef5ff9884fb1a6772ac2c48a8c1a
                                      • Opcode Fuzzy Hash: a649d52b84d783615ae8cf00e282a6b00196297a82814439342e0a24287ef9a5
                                      • Instruction Fuzzy Hash: 8141E0F1A012289EDB20DB61DC85BAEB6B8AF18319F5051E9F60DB2141D7709F88CF58
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32 ref: 00E49204
                                      • SetLastError.KERNEL32(?,?), ref: 00E4923E
                                      • MulDiv.KERNEL32(?,?,00000004), ref: 00E4927E
                                      • MulDiv.KERNEL32(?,?,00000008), ref: 00E49295
                                      • MulDiv.KERNEL32(?,?,00000004), ref: 00E492AC
                                      • MulDiv.KERNEL32(?,?,00000008), ref: 00E492C3
                                      • FillRect.USER32(?,?,0AAAAAAA), ref: 00E492DC
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$FillRect
                                      • String ID: ALL$Pg
                                      • API String ID: 4221761928-2761254607
                                      • Opcode ID: fbae2d71b596b7e04342dabe4cfe8b713f3cf2ae1cb81aff6cc6834c95e1c108
                                      • Instruction ID: 93522d994869ecb41dee6464b5882fe0e24f56a09a353c4b48c795c5a535a8f2
                                      • Opcode Fuzzy Hash: fbae2d71b596b7e04342dabe4cfe8b713f3cf2ae1cb81aff6cc6834c95e1c108
                                      • Instruction Fuzzy Hash: 6D413A71500A04EFDB21DF54E988B99BBF1BF08708F0981A9E94DBB672C770A854DF51
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E2B456
                                      • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion,00000000,?,?,00000000,00000000,00000000), ref: 00E2B4C2
                                      • RegQueryValueExW.ADVAPI32(?,CommonFilesDir,00000000,00000000,?,?), ref: 00E2B4FD
                                      • RegCloseKey.ADVAPI32(?,00000000,00E86F30,00000001,?,?,00000000), ref: 00E2B583
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: CloseH_prolog3_OpenQueryValue
                                      • String ID: @o$CommonFilesDir$Ho$ProgramFilesDir$SOFTWARE\Microsoft\Windows\CurrentVersion
                                      • API String ID: 3753948038-3194799514
                                      • Opcode ID: 27c443220f82f8ee4233ad17d5ac8bfe8f2a84b3650a595ca66f36179aecae26
                                      • Instruction ID: f6564dc76340951b03560b6e274933184ec7e58acd61f60eea426c93aecb9bc3
                                      • Opcode Fuzzy Hash: 27c443220f82f8ee4233ad17d5ac8bfe8f2a84b3650a595ca66f36179aecae26
                                      • Instruction Fuzzy Hash: 9C315071902268AADB60AF55DC89BDEBBB8EF48305F1041E9A50CB7251DB705E88CF90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00E3F48C
                                        • Part of subcall function 00DF0617: __EH_prolog3.LIBCMT ref: 00DF061E
                                        • Part of subcall function 00DF0617: GetLastError.KERNEL32(00000004,00DF0837,?,00000000,00000004,00DFB8B4,?,00000001,0000006C,00DFC2A9,?,?,.ini,Hg,%ld,?), ref: 00DF0640
                                        • Part of subcall function 00DF0617: SetLastError.KERNEL32(?,?), ref: 00DF0678
                                        • Part of subcall function 00E3FBEA: __EH_prolog3.LIBCMT ref: 00E3FBF1
                                      • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00E3F509
                                      • GetLastError.KERNEL32 ref: 00E3F51A
                                      • RegOverridePredefKey.ADVAPI32(80000000,00000000), ref: 00E3F566
                                        • Part of subcall function 00E3F902: GetVersionExW.KERNEL32(?), ref: 00E3F926
                                        • Part of subcall function 00E3B922: RegOverridePredefKey.ADVAPI32(80000000,?), ref: 00E3B95C
                                        • Part of subcall function 00E3B922: RegCloseKey.ADVAPI32(?,00E96748,00000000,00000001,?,?,00E3F4F1), ref: 00E3B971
                                      • GetProcAddress.KERNEL32(00000000,DllRegisterServer), ref: 00E3F535
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorH_prolog3Last$OverridePredef$AddressCloseLibraryLoadProcVersion
                                      • String ID: DllRegisterServer$DllUnregisterServer$Pg$P
                                      • API String ID: 1583116022-3100529413
                                      • Opcode ID: 6470f61e8e5dc104b57b933a3f36370a4666527f6031d28976d2c9166197ee40
                                      • Instruction ID: 88b441aa5bbd10dd3773b2590617c4fc8a2e48dd28ee2254e4599db7119eb41e
                                      • Opcode Fuzzy Hash: 6470f61e8e5dc104b57b933a3f36370a4666527f6031d28976d2c9166197ee40
                                      • Instruction Fuzzy Hash: B221B470D00248BEEF00EFB4C85E7AE7FA4AF41308F546069E85ABB252D7708E08C721
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E293CA
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                        • Part of subcall function 00E0A824: __EH_prolog3_GS.LIBCMT ref: 00E0A82B
                                        • Part of subcall function 00E0A824: _wcslen.LIBCMT ref: 00E0A86F
                                        • Part of subcall function 00E0A824: SetLastError.KERNEL32(00000000,00000000,00000000,?,?,?,?,00000000,?,?,00000001), ref: 00E0A88C
                                        • Part of subcall function 00DFF3E3: __EH_prolog3_GS.LIBCMT ref: 00DFF3EA
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3_$FreeString$_wcslen
                                      • String ID: Hg$Hg$Hg$Hg$ISSetupPrerequisites$Pg$Pg$PreReqAppPackage
                                      • API String ID: 52270769-2165410311
                                      • Opcode ID: d932a84d4a675a8051f9b86ad77c2a76413df41da13ae6d16cf140c4cafd9c64
                                      • Instruction ID: a8cc64e388e7097cde670babeeb2b2dc5bb187aa4152d96d5da9e0e195ee4923
                                      • Opcode Fuzzy Hash: d932a84d4a675a8051f9b86ad77c2a76413df41da13ae6d16cf140c4cafd9c64
                                      • Instruction Fuzzy Hash: 97312D71901258EBDF10EB90CD8ABEDB7B4BF50308F54509AE50977282DBB45A49CF71
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E294D2
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                        • Part of subcall function 00E0A824: __EH_prolog3_GS.LIBCMT ref: 00E0A82B
                                        • Part of subcall function 00E0A824: _wcslen.LIBCMT ref: 00E0A86F
                                        • Part of subcall function 00E0A824: SetLastError.KERNEL32(00000000,00000000,00000000,?,?,?,?,00000000,?,?,00000001), ref: 00E0A88C
                                        • Part of subcall function 00DFF3E3: __EH_prolog3_GS.LIBCMT ref: 00DFF3EA
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3_$FreeString$_wcslen
                                      • String ID: Hg$Hg$Hg$Hg$ISSetupPrerequisites$Pg$Pg$PreReqFeatures
                                      • API String ID: 52270769-2675910754
                                      • Opcode ID: 60e68ad7fd8f069027142f637552ff7c6bf3f60b48181602503233c94e5f5e46
                                      • Instruction ID: 5ef0793158a8b0aa87e47a6b67480a24a6f55ae914014e2fe95798b4e1857b3b
                                      • Opcode Fuzzy Hash: 60e68ad7fd8f069027142f637552ff7c6bf3f60b48181602503233c94e5f5e46
                                      • Instruction Fuzzy Hash: 56311C71901258EBDF10EB90CD8ABEEB7B4BF50308F54509AE50977282DBB45A49CF71
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E295DA
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                        • Part of subcall function 00E0A824: __EH_prolog3_GS.LIBCMT ref: 00E0A82B
                                        • Part of subcall function 00E0A824: _wcslen.LIBCMT ref: 00E0A86F
                                        • Part of subcall function 00E0A824: SetLastError.KERNEL32(00000000,00000000,00000000,?,?,?,?,00000000,?,?,00000001), ref: 00E0A88C
                                        • Part of subcall function 00DFF3E3: __EH_prolog3_GS.LIBCMT ref: 00DFF3EA
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3_$FreeString$_wcslen
                                      • String ID: Hg$Hg$Hg$Hg$ISSetupPrerequisites$Pg$Pg$PreReq
                                      • API String ID: 52270769-1992793697
                                      • Opcode ID: d03e6f805be5fd04cbfe69f7ba1b9f9148891f475eb3b9cdb3ba6217545fe256
                                      • Instruction ID: df42bc66001c97a99adfd073b786f7a9ab19040d25efe243341bc964f843f0eb
                                      • Opcode Fuzzy Hash: d03e6f805be5fd04cbfe69f7ba1b9f9148891f475eb3b9cdb3ba6217545fe256
                                      • Instruction Fuzzy Hash: B1311C71901258EBDF10EB90CD8ABEDB7B4BF50308F54509AE50977282DBB45A49CF71
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E296E2
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                        • Part of subcall function 00E0A824: __EH_prolog3_GS.LIBCMT ref: 00E0A82B
                                        • Part of subcall function 00E0A824: _wcslen.LIBCMT ref: 00E0A86F
                                        • Part of subcall function 00E0A824: SetLastError.KERNEL32(00000000,00000000,00000000,?,?,?,?,00000000,?,?,00000001), ref: 00E0A88C
                                        • Part of subcall function 00DFF3E3: __EH_prolog3_GS.LIBCMT ref: 00DFF3EA
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3_$FreeString$_wcslen
                                      • String ID: Hg$Hg$Hg$Hg$ISSetupPrerequisites$Pg$Pg$PreReqWPMPackage
                                      • API String ID: 52270769-932757415
                                      • Opcode ID: 57df0ca8344e0dba13ee0421425bd9bc385d06417ccc694e41a44c7759431495
                                      • Instruction ID: 40125cb2109fdd2d0eabcfd50d80318082ee707c58872bf4092149bea8eae856
                                      • Opcode Fuzzy Hash: 57df0ca8344e0dba13ee0421425bd9bc385d06417ccc694e41a44c7759431495
                                      • Instruction Fuzzy Hash: 99312D71901258EBDF10EB90CD8ABEDB7B4BF50304F54509AE50977282DBB45A49CF71
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E18A57
                                      • GetDlgItem.USER32(?,00000000), ref: 00E18AD3
                                      • SendMessageW.USER32(00000000), ref: 00E18ADA
                                      • GetDlgItem.USER32(?,00000000), ref: 00E18B1A
                                      • SendMessageW.USER32(00000000), ref: 00E18B21
                                      • GetDlgItem.USER32(?,00000000), ref: 00E18C06
                                      • SendMessageW.USER32(00000000), ref: 00E18C0D
                                      • EndDialog.USER32(?,00000002), ref: 00E18C23
                                      • SetWindowTextW.USER32(?,-00000004), ref: 00E18C74
                                      • DeleteObject.GDI32(00000044), ref: 00E18E7B
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ItemMessageSend$DeleteDialogH_prolog3_ObjectTextWindow
                                      • String ID:
                                      • API String ID: 804393631-0
                                      • Opcode ID: 168e42b448439b6e398a210b7962e48c14434b254e6bc6cd5292ac1db1b4cc4d
                                      • Instruction ID: 21ecaafe748e43dec9dc81c24d26a96a50a77ffe7a2260fe27ac5ed4ff2f661c
                                      • Opcode Fuzzy Hash: 168e42b448439b6e398a210b7962e48c14434b254e6bc6cd5292ac1db1b4cc4d
                                      • Instruction Fuzzy Hash: A2C17976A01614DFCB05AF65DE4887E7BAAFF88320B190154F805B73A1DF30AD46DBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • MultiByteToWideChar.KERNEL32(00E9672E,00000000,00000000,00000001,00000000,00000000,7B1078F4,Hg,?,?,?,?,?,?,00E96748,00E69AA5), ref: 00DE88F5
                                      • MultiByteToWideChar.KERNEL32(00E9672E,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,00E96748,00E69AA5,000000FF,Pg), ref: 00DE892B
                                      • GetLastError.KERNEL32(?,7B1078F4,Hg,?), ref: 00DE89B9
                                      • SetLastError.KERNEL32(00E96750,00E965D4,00000000,?,7B1078F4,Hg,?), ref: 00DE8A12
                                      • GetLastError.KERNEL32(7B1078F4,Hg,?), ref: 00DE8A6C
                                      • SetLastError.KERNEL32(00E96750,00E965D4,00000000), ref: 00DE8AC8
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$ByteCharMultiWide
                                      • String ID: Hg$Hg$Pg$Pg
                                      • API String ID: 3361762293-1516674844
                                      • Opcode ID: eee8f094dd54a7123f75d88050f885ea6853226488fa1fac402aff4ab26b3046
                                      • Instruction ID: e2f60210913c3a05506842e93504069481203580c437458953851bd6246ed0af
                                      • Opcode Fuzzy Hash: eee8f094dd54a7123f75d88050f885ea6853226488fa1fac402aff4ab26b3046
                                      • Instruction Fuzzy Hash: 4F719D71D006489FDF14DFA9CC59BAEBBB4EF88304F14412AE819B7291DB759905CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00DFA15E
                                        • Part of subcall function 00DFA40B: lstrlenW.KERNEL32(?), ref: 00DFA416
                                      • CopyFileW.KERNEL32(?,?,00000000,0000082C,00E0D4C4,?,?), ref: 00DFA179
                                      • _wcslen.LIBCMT ref: 00DFA1B0
                                      • _wcslen.LIBCMT ref: 00DFA1DB
                                      • CreateThread.KERNEL32(00000000,00000000,00DFA5F0,?,00000000,?), ref: 00DFA242
                                      • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,00000004), ref: 00DFA2B1
                                      • GetExitCodeThread.KERNEL32(?,?), ref: 00DFA2FA
                                      • CloseHandle.KERNEL32(?), ref: 00DFA301
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: Thread_wcslen$CloseCodeCopyCreateExitFileH_prolog3_HandleMultipleObjectsWaitlstrlen
                                      • String ID:
                                      • API String ID: 1678575479-0
                                      • Opcode ID: 17095df7f4a2f0e4c040eb865ffec20c5d9524798f2651edb965de8efe0e6a7c
                                      • Instruction ID: 35522a81e895c1cf34fae8e6ca2bdb0bd7d77f4f136f26d552ffc544fbec97ba
                                      • Opcode Fuzzy Hash: 17095df7f4a2f0e4c040eb865ffec20c5d9524798f2651edb965de8efe0e6a7c
                                      • Instruction Fuzzy Hash: 3741E3B1A00628ABDB20AB648C49BFEB7ECEF44310F058164BA5DA7181DF705E45CBF5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • _free.LIBCMT ref: 00E60395
                                        • Part of subcall function 00E5FB45: HeapFree.KERNEL32(00000000,00000000,?,00E63406,?,00000000,?,00000000,?,00E6342D,?,00000007,?,?,00E6388F,?), ref: 00E5FB5B
                                        • Part of subcall function 00E5FB45: GetLastError.KERNEL32(?,?,00E63406,?,00000000,?,00000000,?,00E6342D,?,00000007,?,?,00E6388F,?,?), ref: 00E5FB6D
                                      • _free.LIBCMT ref: 00E603A1
                                      • _free.LIBCMT ref: 00E603AC
                                      • _free.LIBCMT ref: 00E603B7
                                      • _free.LIBCMT ref: 00E603C2
                                      • _free.LIBCMT ref: 00E603CD
                                      • _free.LIBCMT ref: 00E603D8
                                      • _free.LIBCMT ref: 00E603E3
                                      • _free.LIBCMT ref: 00E603EE
                                      • _free.LIBCMT ref: 00E603FC
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: _free$ErrorFreeHeapLast
                                      • String ID:
                                      • API String ID: 776569668-0
                                      • Opcode ID: fb46f50384829b6d51189db495ef9f46d25d372584dec23f8a7a1a12e0fd7f96
                                      • Instruction ID: 7ba5aa72704e4ee771b2e97fef3ac1d7fbfcf10762561ea346b51a9a1aeff7fb
                                      • Opcode Fuzzy Hash: fb46f50384829b6d51189db495ef9f46d25d372584dec23f8a7a1a12e0fd7f96
                                      • Instruction Fuzzy Hash: EB11A476100509FFCF81EF54CA96CD97BA6EF04351B4154A5FA08AF222DA71DB549B80
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: CallFramesMatchNestedTypeUnexpectedUnwind_aborttype_info::operator==
                                      • String ID: csm$csm$csm
                                      • API String ID: 322700389-393685449
                                      • Opcode ID: badadbb21a0ab4cca9f944fdb16587d3d3b0f704dc0c01c6ac8c88ae08e41bf8
                                      • Instruction ID: ec368d001b037cab1763738cedbfc4c1fb52121c46a031482f6d21afce5dad53
                                      • Opcode Fuzzy Hash: badadbb21a0ab4cca9f944fdb16587d3d3b0f704dc0c01c6ac8c88ae08e41bf8
                                      • Instruction Fuzzy Hash: 3FB18931900209AFCF19DFA4D8819AEBBB5BF05316F14695DEE007B212D731EA59CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E2F642
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                      • GetCurrentDirectoryW.KERNEL32(00000104,00000000,?,?,?,?,?,?,00000001), ref: 00E2F6B9
                                      • ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,?,00000001), ref: 00E2F83C
                                      • ExpandEnvironmentStringsW.KERNEL32(00000007,00000000,00000000,0000003B,00000000,?,00000001,?,Hg), ref: 00E2F7CC
                                        • Part of subcall function 00E0A0E7: __EH_prolog3_catch.LIBCMT ref: 00E0A0EE
                                        • Part of subcall function 00DE7930: SysStringLen.OLEAUT32(00000000), ref: 00DE793A
                                        • Part of subcall function 00DE7930: SysReAllocStringLen.OLEAUT32(00000000,00000009,00000008), ref: 00DE7955
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: EnvironmentErrorExpandLastStringStrings$AllocCurrentDirectoryH_prolog3_H_prolog3_catch
                                      • String ID: 0$Hg$PATH$Pg
                                      • API String ID: 2106327203-1757645527
                                      • Opcode ID: 50447301c67042eda511ec078751a4fcb50d3dfa583e04167879a77ef289e4c0
                                      • Instruction ID: b705fcb55eb894f11d3a3da53c7e5b75ea42d9d17f7db4241cab614c4f8e7f9a
                                      • Opcode Fuzzy Hash: 50447301c67042eda511ec078751a4fcb50d3dfa583e04167879a77ef289e4c0
                                      • Instruction Fuzzy Hash: 40818C70911368DFDB28EBA4DC95BDDB7B9EF04304F1041A9E009B7291DB709A89CF62
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00E66FE2,00000000,00000000,00000000,00000000,00000000,?), ref: 00E668AF
                                      • __fassign.LIBCMT ref: 00E6692A
                                      • __fassign.LIBCMT ref: 00E66945
                                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 00E6696B
                                      • WriteFile.KERNEL32(?,00000000,00000000,o,00000000,?,?,?,?,?,?,?,?,?,00E66FE2,00000000), ref: 00E6698A
                                      • WriteFile.KERNEL32(?,00000000,00000001,o,00000000,?,?,?,?,?,?,?,?,?,00E66FE2,00000000), ref: 00E669C3
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                      • String ID: o
                                      • API String ID: 1324828854-2084137227
                                      • Opcode ID: e3b569686393564150558b7b14e5d68a45932d9c09ad35ccc6b251db11394071
                                      • Instruction ID: e0b7fe745b1c3c91472d8fed5d2f947c7263c582f0e625350bdbe01a9a6f9778
                                      • Opcode Fuzzy Hash: e3b569686393564150558b7b14e5d68a45932d9c09ad35ccc6b251db11394071
                                      • Instruction Fuzzy Hash: 5F51C2B1A102499FCF10CFA8EC85AEEBBF8EF09354F14812AE955F7291D7309944CB60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: H_prolog3_
                                      • String ID: C:\CodeBases\isdev\Src\Runtime\Shared\Setup\IsPreReqDlg.cpp$Delaying required MSI Reboot$Hg$Hg$Pg$Pg$User chose to reboot later. Exiting.
                                      • API String ID: 2427045233-1601619548
                                      • Opcode ID: 43f9d4635163a542eb0d639aa4ad2164015531cf8af1b8aa27b0489a0232a3ab
                                      • Instruction ID: f4783951610e12b0ababc8915642887e7e5e46bc945a9cc1ae74e11a74f6ab63
                                      • Opcode Fuzzy Hash: 43f9d4635163a542eb0d639aa4ad2164015531cf8af1b8aa27b0489a0232a3ab
                                      • Instruction Fuzzy Hash: 9951C031D00258DFDF11EBA0C885BED7B74BF44314F2411AAE905BB2C2DB745A4ACBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00DF6619
                                        • Part of subcall function 00DF694B: __EH_prolog3_GS.LIBCMT ref: 00DF6952
                                        • Part of subcall function 00DF6205: __EH_prolog3_GS.LIBCMT ref: 00DF620C
                                      • lstrcpyW.KERNEL32(00DF65A3,-00000010), ref: 00DF66A6
                                      • lstrcpyW.KERNEL32(?,?), ref: 00DF66CC
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: H_prolog3_$lstrcpy
                                      • String ID: Hg$Hg$MsiVersion$Pg$Pg
                                      • API String ID: 1231505184-1428816846
                                      • Opcode ID: 893d9e6567f2f306ab8efeb54809aa94c78a4231b0de6c17875dcb510efd7b53
                                      • Instruction ID: b7246eada1cf4bd99d0337ff3727f086d9741b304fd1278405a022fa7e91a94d
                                      • Opcode Fuzzy Hash: 893d9e6567f2f306ab8efeb54809aa94c78a4231b0de6c17875dcb510efd7b53
                                      • Instruction Fuzzy Hash: 1741A072A00218DFDB10EB64CC85BADB7B5AF45310F158195E509AB692DB70AE84CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E3662B
                                      • GetModuleFileNameW.KERNEL32(?,00000104), ref: 00E36661
                                        • Part of subcall function 00E3529F: __EH_prolog3_GS.LIBCMT ref: 00E352A6
                                        • Part of subcall function 00E3529F: _wcslen.LIBCMT ref: 00E3531F
                                        • Part of subcall function 00E3529F: CreateFileW.KERNELBASE(00000140,80000000,00000003,00000000,00000003,00000080,00000000,00E965D4,00000000), ref: 00E35369
                                        • Part of subcall function 00E3529F: GetLastError.KERNEL32 ref: 00E35377
                                        • Part of subcall function 00E37674: __EH_prolog3_GS.LIBCMT ref: 00E3767B
                                      • GetTempPathW.KERNEL32(00000104,?,?,?,?,?,?,?), ref: 00E366DC
                                      • GetTempFileNameW.KERNEL32(?,00E8FC0C,00000000,?,?,?,?,?,?,?), ref: 00E366F7
                                        • Part of subcall function 00DF070A: __EH_prolog3.LIBCMT ref: 00DF0711
                                        • Part of subcall function 00DF070A: GetLastError.KERNEL32(00000004,00DE4709,00E965D4,?,00000000), ref: 00DF0733
                                        • Part of subcall function 00DF070A: SetLastError.KERNEL32(?,?,?), ref: 00DF0774
                                        • Part of subcall function 00DF9714: __EH_prolog3.LIBCMT ref: 00DF971B
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                        • Part of subcall function 00DF0563: __EH_prolog3.LIBCMT ref: 00DF056A
                                        • Part of subcall function 00DF225C: _wcslen.LIBCMT ref: 00DF2265
                                        • Part of subcall function 00DF1EC3: __EH_prolog3_GS.LIBCMT ref: 00DF1ECA
                                      • DeleteFileW.KERNEL32(?,?,?,00E965D4,?,?,?,00000000,Hg,00000000,?,?,?), ref: 00E367A7
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$FileH_prolog3_$H_prolog3$FreeNameStringTemp_wcslen$CreateDeleteModulePath
                                      • String ID: Hg$Hg$Pg
                                      • API String ID: 3454021370-3920519673
                                      • Opcode ID: a9db4899142bd85c266c9b6f959d18e8caff8fc32760e97047c55b92692b6c7d
                                      • Instruction ID: 6bed647332cb42239929628b5dc49dbc294b0118874581b65d812940f0127552
                                      • Opcode Fuzzy Hash: a9db4899142bd85c266c9b6f959d18e8caff8fc32760e97047c55b92692b6c7d
                                      • Instruction Fuzzy Hash: 97412A7194121CAEDB10EBA0CC8AFDEB7B8AB54304F5042D5B609B7192DF746B89CF61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E3F355
                                        • Part of subcall function 00DF0617: __EH_prolog3.LIBCMT ref: 00DF061E
                                        • Part of subcall function 00DF0617: GetLastError.KERNEL32(00000004,00DF0837,?,00000000,00000004,00DFB8B4,?,00000001,0000006C,00DFC2A9,?,?,.ini,Hg,%ld,?), ref: 00DF0640
                                        • Part of subcall function 00DF0617: SetLastError.KERNEL32(?,?), ref: 00DF0678
                                        • Part of subcall function 00E3FBEA: __EH_prolog3.LIBCMT ref: 00E3FBF1
                                        • Part of subcall function 00DF44FB: __EH_prolog3_GS.LIBCMT ref: 00DF4502
                                        • Part of subcall function 00DF9617: _wcslen.LIBCMT ref: 00DF963F
                                        • Part of subcall function 00E3F62A: __EH_prolog3_GS.LIBCMT ref: 00E3F631
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: H_prolog3_$ErrorH_prolog3Last$_wcslen
                                      • String ID: .DLL$.EXE$.OCX$.TLB$Hg$Pg$P
                                      • API String ID: 1216532131-1363770938
                                      • Opcode ID: f76d61f54f94ed48a472f0d92d48fbdbf6f6218dbadc80c30cb76eb93ffe4683
                                      • Instruction ID: 49d909250b01de73764b5a589003760fa19ac9234f57a5ddf1c206e6c4080ca1
                                      • Opcode Fuzzy Hash: f76d61f54f94ed48a472f0d92d48fbdbf6f6218dbadc80c30cb76eb93ffe4683
                                      • Instruction Fuzzy Hash: 4C316D70C00208AEDF04EF64C8968AD7FB9EF44744F50506AF81977262DB729D5ACBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00E062EF
                                      • GetLastError.KERNEL32(00000008,00E062BA,000000CC,00000000,?,00000001), ref: 00E06311
                                      • SetLastError.KERNEL32(?), ref: 00E06354
                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,?,00000000,00000000), ref: 00E06375
                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,?,00000003,00000000,00000000,00000000), ref: 00E0639C
                                      • SetLastError.KERNEL32(?), ref: 00E063AA
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$ByteCharMultiWide$H_prolog3
                                      • String ID: .g$Pg
                                      • API String ID: 1573742327-1363215343
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetModuleHandleW.KERNEL32(kernel32.dll,FindNextFileW,00000000,00000000), ref: 00E3CCF2
                                      • GetProcAddress.KERNEL32(00000000), ref: 00E3CCF9
                                      • GetModuleHandleW.KERNEL32(kernel32.dll,FindNextFileA), ref: 00E3CD2F
                                      • GetProcAddress.KERNEL32(00000000), ref: 00E3CD36
                                        • Part of subcall function 00E3AD06: _wcslen.LIBCMT ref: 00E3AD6C
                                        • Part of subcall function 00E3AD06: _wcslen.LIBCMT ref: 00E3AD92
                                      Strings
                                      Similarity
                                      • API ID: AddressHandleModuleProc_wcslen
                                      • String ID: FindNextFileA$FindNextFileW$Ho$kernel32.dll
                                      • API String ID: 3211540076-3442237674
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E3CBF0
                                      • GetModuleHandleW.KERNEL32(kernel32.dll,FindFirstFileW,00000254,00E3D039,?,?), ref: 00E3CC0C
                                      • GetProcAddress.KERNEL32(00000000), ref: 00E3CC0F
                                      • GetModuleHandleW.KERNEL32(kernel32.dll,FindFirstFileA,?,?), ref: 00E3CC4F
                                      • GetProcAddress.KERNEL32(00000000), ref: 00E3CC52
                                        • Part of subcall function 00E3AD06: _wcslen.LIBCMT ref: 00E3AD6C
                                        • Part of subcall function 00E3AD06: _wcslen.LIBCMT ref: 00E3AD92
                                      Strings
                                      Similarity
                                      • API ID: AddressHandleModuleProc_wcslen$H_prolog3_
                                      • String ID: FindFirstFileA$FindFirstFileW$kernel32.dll
                                      • API String ID: 2755895429-163559883
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetModuleHandleW.KERNEL32(kernel32.dll,CreateFileW,?,?,Ho,00E2338D,?,?,?,?,Ho,?,?,00000004,00E3295B,@o), ref: 00E3C318
                                      • GetProcAddress.KERNEL32(00000000), ref: 00E3C31B
                                      • GetModuleHandleW.KERNEL32(kernel32.dll,CreateFileA,?,?,Ho,00E2338D,?,?,?,?,Ho,?,?,00000004,00E3295B,@o), ref: 00E3C350
                                      • GetProcAddress.KERNEL32(00000000), ref: 00E3C353
                                      Strings
                                      Similarity
                                      • API ID: AddressHandleModuleProc
                                      • String ID: CreateFileA$CreateFileW$Ho$kernel32.dll
                                      • API String ID: 1646373207-562196805
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00E3CE55
                                      • GetModuleHandleW.KERNEL32(kernel32.dll,GetFileAttributesW,00000000,00E3C526), ref: 00E3CE6F
                                      • GetProcAddress.KERNEL32(00000000), ref: 00E3CE72
                                      • GetModuleHandleW.KERNEL32(kernel32.dll,GetFileAttributesA), ref: 00E3CE96
                                      • GetProcAddress.KERNEL32(00000000), ref: 00E3CE99
                                      Strings
                                      Similarity
                                      • API ID: AddressHandleModuleProc$H_prolog3
                                      • String ID: GetFileAttributesA$GetFileAttributesW$kernel32.dll
                                      • API String ID: 1623054726-1399581607
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetModuleHandleW.KERNEL32(kernel32,?,?,00E2CE51,?,?,?,?,?,?,?,?,00000001,00000250,00E2C8F1,?), ref: 00E2B7B7
                                      • GetProcAddress.KERNEL32(00000000,Wow64EnableWow64FsRedirection), ref: 00E2B7C5
                                      • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00E2B7D4
                                      • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00E2B7E3
                                      Strings
                                      • Wow64RevertWow64FsRedirection, xrefs: 00E2B7DA
                                      • Wow64DisableWow64FsRedirection, xrefs: 00E2B7CB
                                      • kernel32, xrefs: 00E2B7AE
                                      • Wow64EnableWow64FsRedirection, xrefs: 00E2B7BF
                                      Similarity
                                      • API ID: AddressProc$HandleModule
                                      • String ID: Wow64DisableWow64FsRedirection$Wow64EnableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32
                                      • API String ID: 667068680-3439747844
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E1963A
                                      • GetDlgItemTextW.USER32(?,000003E8,?,00000064), ref: 00E1968F
                                      • GetDlgItem.USER32(?,00000001), ref: 00E1969C
                                        • Part of subcall function 00E19572: wsprintfW.USER32 ref: 00E195A1
                                        • Part of subcall function 00E19572: lstrcmpW.KERNEL32(?,?), ref: 00E195B5
                                      • EnableWindow.USER32(00000000), ref: 00E196BF
                                      • EndDialog.USER32(?,00000002), ref: 00E196CA
                                      • EndDialog.USER32(?,00000002), ref: 00E196DE
                                      • GetDlgItem.USER32(?,00000001), ref: 00E196F4
                                      • SetWindowTextW.USER32(?,-00000004), ref: 00E19771
                                      • EnableWindow.USER32(00000000,00000000), ref: 00E1978D
                                      Similarity
                                      • API ID: ItemWindow$DialogEnableText$H_prolog3_lstrcmpwsprintf
                                      • String ID:
                                      • API String ID: 2161687695-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Strings
                                      Similarity
                                      • API ID: __alldvrm$_strrchr
                                      • String ID: tL$tL$tL
                                      • API String ID: 1036877536-3726602984
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E302CA
                                      • _wcslen.LIBCMT ref: 00E30352
                                      • _wcslen.LIBCMT ref: 00E3036B
                                        • Part of subcall function 00DF3EFA: SysFreeString.OLEAUT32(00000000), ref: 00DF3F09
                                        • Part of subcall function 00E2B36A: __EH_prolog3_GS.LIBCMT ref: 00E2B371
                                      Strings
                                      Similarity
                                      • API ID: H_prolog3__wcslen$FreeString
                                      • String ID: REBOOTPROMPT=S$/passive$Hg$uiet
                                      • API String ID: 2310051904-1312116089
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E24D16
                                        • Part of subcall function 00E24F9F: __EH_prolog3_GS.LIBCMT ref: 00E24FA6
                                        • Part of subcall function 00DF0809: __EH_prolog3.LIBCMT ref: 00DF0810
                                      Strings
                                      Similarity
                                      • API ID: H_prolog3_$H_prolog3
                                      • String ID: %20$Hg$Hg$Hg$Pg$file://
                                      • API String ID: 3952504126-4265224457
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00DFC20D
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                        • Part of subcall function 00DFB88D: __EH_prolog3_GS.LIBCMT ref: 00DFB894
                                        • Part of subcall function 00DFB88D: _wcslen.LIBCMT ref: 00DFB8BE
                                        • Part of subcall function 00DFC1CC: __EH_prolog3.LIBCMT ref: 00DFC1D3
                                        • Part of subcall function 00DF4265: __EH_prolog3_GS.LIBCMT ref: 00DF426F
                                        • Part of subcall function 00DFBA06: __EH_prolog3.LIBCMT ref: 00DFBA0D
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                        • Part of subcall function 00E41289: __EH_prolog3.LIBCMT ref: 00E41290
                                        • Part of subcall function 00DF099E: __EH_prolog3.LIBCMT ref: 00DF09A5
                                        • Part of subcall function 00DF0809: __EH_prolog3.LIBCMT ref: 00DF0810
                                        • Part of subcall function 00E42370: __EH_prolog3_GS.LIBCMT ref: 00E4237A
                                        • Part of subcall function 00DF088A: __EH_prolog3_GS.LIBCMT ref: 00DF0891
                                        • Part of subcall function 00E429D0: __EH_prolog3.LIBCMT ref: 00E429D7
                                      Strings
                                      Similarity
                                      • API ID: H_prolog3$H_prolog3_$ErrorLast$FreeString$_wcslen
                                      • String ID: %ld$.ini$0x%04x$Hg$Hg$Pg
                                      • API String ID: 1736479498-1181766993
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E20EAA
                                        • Part of subcall function 00E1F17A: __EH_prolog3_catch.LIBCMT ref: 00E1F181
                                        • Part of subcall function 00E1F17A: lstrcmpW.KERNEL32(?,00E965D4,?,?,00E965D4,?,?,00000004,00E219B6,Startup,Source,00000001,?,00000400,00000452), ref: 00E1F1A9
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: H_prolog3_H_prolog3_catchlstrcmp
                                      • String ID: C:\CodeBases\isdev\Src\Runtime\MSI\Shared\Setup\session.cpp$Creating setup dialog...$Hg$Hg$Pg$Startup
                                      • API String ID: 2908130396-4153320000
                                      • Opcode ID: 7596d19daa62240ced816e3f9d0cf7c2fb7ab8ca216fffeb6ddb5badd6c6f805
                                      • Instruction ID: d5cd5b5bc4ce7ef6ed9152bf97595af9edaa1d917233fb210091cf2f547e2ce7
                                      • Opcode Fuzzy Hash: 7596d19daa62240ced816e3f9d0cf7c2fb7ab8ca216fffeb6ddb5badd6c6f805
                                      • Instruction Fuzzy Hash: 74615B70A0525CABDF25EBA0CE59BDDB7B8AB14304F5002D9A119B31D2DB705F89CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E08268
                                        • Part of subcall function 00E21910: __EH_prolog3_GS.LIBCMT ref: 00E2191A
                                        • Part of subcall function 00DE4B50: GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 00DE4B74
                                      • RegCloseKey.ADVAPI32(00000000), ref: 00E083E6
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                        • Part of subcall function 00DFC19E: __EH_prolog3.LIBCMT ref: 00DFC1A5
                                      • RegDeleteValueW.ADVAPI32(?,?), ref: 00E083B5
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorH_prolog3_Last$CloseDeleteH_prolog3HandleModuleValue
                                      • String ID: %%IS_PREREQCMD%%-%s$Hg$Pg$Software\Microsoft\Windows\CurrentVersion
                                      • API String ID: 542918927-3555443402
                                      • Opcode ID: c63b9bc7167c365894c027d43b48a2d8243682c3d3cbe18f02cb6d35fe63f7a8
                                      • Instruction ID: bcc3986b0a9b4a1dbb1d6ef576d8a1420daef2ff85c2e9f58c8849c844eb0241
                                      • Opcode Fuzzy Hash: c63b9bc7167c365894c027d43b48a2d8243682c3d3cbe18f02cb6d35fe63f7a8
                                      • Instruction Fuzzy Hash: C6517871900228EFCB14EF94CD85B9DB7B4BF44314F1441AAE509B7292DB30AE89CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: String$Free_wcslen$H_prolog3_
                                      • String ID: Hg
                                      • API String ID: 3994569588-2086912500
                                      • Opcode ID: d4eb59b2f3ff574d386cf432b157598532daef998b61daa59bca53ce5a1aae8b
                                      • Instruction ID: 4e2cdd48e10002879779538fd5e56b668dd8c30e7f73b49b9e1e1480a4507256
                                      • Opcode Fuzzy Hash: d4eb59b2f3ff574d386cf432b157598532daef998b61daa59bca53ce5a1aae8b
                                      • Instruction Fuzzy Hash: EA518C70C042199FDB24DFA4C885BADBBB0FF04350F24829DE565A32D2DB709A45CF60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • _ValidateLocalCookies.LIBCMT ref: 00E52687
                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 00E5268F
                                      • _ValidateLocalCookies.LIBCMT ref: 00E52718
                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 00E52743
                                      • _ValidateLocalCookies.LIBCMT ref: 00E52798
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                      • String ID: @$$csm
                                      • API String ID: 1170836740-3618318445
                                      • Opcode ID: 28971fe66fcc46aa49eb1618a5f1d97033f8602fbc8df7ae6079dacb13a7e1c5
                                      • Instruction ID: 3ccf46eeff024901219273752a35c50967b29d8c4ccaf77d66a0312ca3617821
                                      • Opcode Fuzzy Hash: 28971fe66fcc46aa49eb1618a5f1d97033f8602fbc8df7ae6079dacb13a7e1c5
                                      • Instruction Fuzzy Hash: B341C734A002189FCF10DF68C881A9EBBF5FF45315F14995AED157B352D7B1AA09CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E2281A
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                        • Part of subcall function 00DE6B40: GetLastError.KERNEL32(7B1078F4), ref: 00DE6B91
                                        • Part of subcall function 00DE6B40: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE6C0A
                                      • _wcslen.LIBCMT ref: 00E228CE
                                      • _wcslen.LIBCMT ref: 00E22917
                                        • Part of subcall function 00DFC203: __EH_prolog3_GS.LIBCMT ref: 00DFC20D
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3__wcslen
                                      • String ID: %s: %s$Hg$Hg$Pg
                                      • API String ID: 754474099-2021535704
                                      • Opcode ID: 5a1c3618c26c4bab21c8f393f03781e36cb9c16cee5225f5228d274b7b89c883
                                      • Instruction ID: b68475a87fa76cc93d463e2cba3e699af5cf4b372df2ecaec06303dc7181e643
                                      • Opcode Fuzzy Hash: 5a1c3618c26c4bab21c8f393f03781e36cb9c16cee5225f5228d274b7b89c883
                                      • Instruction Fuzzy Hash: 79418C30900659EFDB18EBA0D995BEDB7B8EF54304F10419EE509B7192DB70AF49CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E1E58A
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                        • Part of subcall function 00E11754: __EH_prolog3.LIBCMT ref: 00E1175B
                                        • Part of subcall function 00DFC203: __EH_prolog3_GS.LIBCMT ref: 00DFC20D
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorH_prolog3_Last$H_prolog3
                                      • String ID: %s: %s$C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}$Hg$Hg$Pg$Pg
                                      • API String ID: 3076002782-3087872891
                                      • Opcode ID: 12b0fa2f167980889daee563b3dec4cc1e1873ef6fd92bf3bd1f2bec026c7217
                                      • Instruction ID: 300b7006e5fc461779ec74cfc85500fa670d33e0d32579ead9d892f8fd81bdda
                                      • Opcode Fuzzy Hash: 12b0fa2f167980889daee563b3dec4cc1e1873ef6fd92bf3bd1f2bec026c7217
                                      • Instruction Fuzzy Hash: 65416C30901298DFDF14EBA4C989BDDBBB4EF51304F54459AE449B7282DB706B48CBB1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: wsprintf$lstrlen
                                      • String ID: %s%s$ftp://$http://$https://
                                      • API String ID: 217384638-620530764
                                      • Opcode ID: dc1b66364d0253ca6f6372ffa8d02d8bd31aa10d55af14b44861b804e16f9969
                                      • Instruction ID: cb8db82961df728c76e164a8959077b937d9ed355fac5527ccc5ce2db4b47c1e
                                      • Opcode Fuzzy Hash: dc1b66364d0253ca6f6372ffa8d02d8bd31aa10d55af14b44861b804e16f9969
                                      • Instruction Fuzzy Hash: 84210775A00309AACB00BFAD8C429BFB7F8EF45710B559456FA09FB281EA30D945C770
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E3F15F
                                      • GetModuleHandleW.KERNEL32(Ntdll.dll,NtQueryInformationProcess,?,00000400,?,000004A0,00E3F143,00000000), ref: 00E3F18F
                                      • GetProcAddress.KERNEL32(00000000), ref: 00E3F196
                                      • OpenProcess.KERNEL32(00000400,00000000,?), ref: 00E3F1C2
                                      • _wcslen.LIBCMT ref: 00E3F23A
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorFreeLastString$AddressH_prolog3_HandleModuleOpenProcProcess_wcslen
                                      • String ID: NtQueryInformationProcess$Ntdll.dll
                                      • API String ID: 1328632759-801751246
                                      • Opcode ID: 75847e81a76af89c769275500bb307599d3b731dc7028212ae60e8453c0e8099
                                      • Instruction ID: ee251541f1ee568566711c746d56a1206ae0ac51177a2e9c200bc50c693fa906
                                      • Opcode Fuzzy Hash: 75847e81a76af89c769275500bb307599d3b731dc7028212ae60e8453c0e8099
                                      • Instruction Fuzzy Hash: EB313EB19002299ADB20EB60CC49BDEB7B8AF44304F4054E5AB0DB7192DB705F88CF69
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E3F631
                                        • Part of subcall function 00DF0617: __EH_prolog3.LIBCMT ref: 00DF061E
                                        • Part of subcall function 00DF0617: GetLastError.KERNEL32(00000004,00DF0837,?,00000000,00000004,00DFB8B4,?,00000001,0000006C,00DFC2A9,?,?,.ini,Hg,%ld,?), ref: 00DF0640
                                        • Part of subcall function 00DF0617: SetLastError.KERNEL32(?,?), ref: 00DF0678
                                        • Part of subcall function 00E3FBEA: __EH_prolog3.LIBCMT ref: 00E3FBF1
                                        • Part of subcall function 00DF070A: __EH_prolog3.LIBCMT ref: 00DF0711
                                        • Part of subcall function 00DF070A: GetLastError.KERNEL32(00000004,00DE4709,00E965D4,?,00000000), ref: 00DF0733
                                        • Part of subcall function 00DF070A: SetLastError.KERNEL32(?,?,?), ref: 00DF0774
                                        • Part of subcall function 00DF088A: __EH_prolog3_GS.LIBCMT ref: 00DF0891
                                        • Part of subcall function 00E3E5F5: __EH_prolog3_GS.LIBCMT ref: 00E3E5FF
                                        • Part of subcall function 00E3E5F5: CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000000,?,00EBEED0,00E3F710,?,00000000), ref: 00E3E71A
                                        • Part of subcall function 00E3E5F5: GetLastError.KERNEL32 ref: 00E3E735
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3H_prolog3_$FreeString$CreateProcess
                                      • String ID: /REGSERVER$ /UNREGSERVER$Hg$Pg$P$open
                                      • API String ID: 4253389391-2765560403
                                      • Opcode ID: b824c66ada25584427b44f8dcbd38a23234b79d077e0fa660de9753cff2f6f90
                                      • Instruction ID: 94587e5111f61908a594228313f8a1c25becfa35aa8c1477b09776c985d248a4
                                      • Opcode Fuzzy Hash: b824c66ada25584427b44f8dcbd38a23234b79d077e0fa660de9753cff2f6f90
                                      • Instruction Fuzzy Hash: F33173B1D10348ABEB14EBA4C8577ACBFB8AF94700F144159F9047B3C2D7B55A06CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E06F30
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$FreeString$H_prolog3_
                                      • String ID: Hg$Hg$Hg$Pg$Pg$Startup
                                      • API String ID: 2549205776-3212002685
                                      • Opcode ID: 4b8dad0f54128c490b72f3431253dbfcd5e7f11dce76c258fd0140377d127f4c
                                      • Instruction ID: 65c7f55679b1da9391996e2ae86b631ea46dc1ac805aabcbe1500dfa2a20c5a4
                                      • Opcode Fuzzy Hash: 4b8dad0f54128c490b72f3431253dbfcd5e7f11dce76c258fd0140377d127f4c
                                      • Instruction Fuzzy Hash: 2D315771D00268EFDB10EB90CC86BDDB7B8BF55314F50419AE48AB7281DB706E49CBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E2127C
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                      • GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000060,00E04EC0,?), ref: 00E21331
                                      • SystemTimeToVariantTime.OLEAUT32(?,?), ref: 00E21347
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: Time$ErrorLast$H_prolog3_LocalSystemVariant
                                      • String ID: ExpireDate$Hg$Pg$Startup
                                      • API String ID: 1054883912-4176930816
                                      • Opcode ID: 674994d86bb31ad8acb068e9a80efbc0201a84c07d2e728959155b102e1817be
                                      • Instruction ID: 62ad3d7c646582a467abf5b61aedd87c142667dd1ac7dbc66b43e89b471d7947
                                      • Opcode Fuzzy Hash: 674994d86bb31ad8acb068e9a80efbc0201a84c07d2e728959155b102e1817be
                                      • Instruction Fuzzy Hash: 82316AB1C002489FCB01EFE4C889ACDBBF8EF14304F60046AE159BB195EB744549CB60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00E3C3A2
                                      • GetModuleHandleW.KERNEL32(kernel32.dll,DeleteFileW,00000004,00E3C48D,?,00000000,00000000), ref: 00E3C3B7
                                      • GetProcAddress.KERNEL32(00000000), ref: 00E3C3BE
                                        • Part of subcall function 00DF0617: __EH_prolog3.LIBCMT ref: 00DF061E
                                        • Part of subcall function 00DF0617: GetLastError.KERNEL32(00000004,00DF0837,?,00000000,00000004,00DFB8B4,?,00000001,0000006C,00DFC2A9,?,?,.ini,Hg,%ld,?), ref: 00DF0640
                                        • Part of subcall function 00DF0617: SetLastError.KERNEL32(?,?), ref: 00DF0678
                                      • GetLastError.KERNEL32 ref: 00E3C3FD
                                        • Part of subcall function 00E3FB91: __EH_prolog3_GS.LIBCMT ref: 00E3FB98
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3$AddressH_prolog3_HandleModuleProc
                                      • String ID: DeleteFileW$Pg$kernel32.dll
                                      • API String ID: 2400663618-488285687
                                      • Opcode ID: fc96adb311f9711b4c38ee7074e2415d08d07d7dba4d99a0a126ddb0c6d5ad67
                                      • Instruction ID: 19621155fa0315b00290a3744e93575be344e61894315b51ea969d449b55e8b6
                                      • Opcode Fuzzy Hash: fc96adb311f9711b4c38ee7074e2415d08d07d7dba4d99a0a126ddb0c6d5ad67
                                      • Instruction Fuzzy Hash: 7D01D1B2901604EBCF10BFA4C81E65E7BA4AF44309F405169F819F7201DB70C904C7A1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: H_prolog3_
                                      • String ID: Wiz$Inst$allS$ard$d$hiel
                                      • API String ID: 2427045233-3898594558
                                      • Opcode ID: 2999177a7640421eb697abdda12d9ead7c0f6949499df50e6c8256bdacc921c0
                                      • Instruction ID: ac208d98bd9deda4110ba8998637877e26ae9b94d10b6152ba1fa3039fd3ecf5
                                      • Opcode Fuzzy Hash: 2999177a7640421eb697abdda12d9ead7c0f6949499df50e6c8256bdacc921c0
                                      • Instruction Fuzzy Hash: F6F0E2B1D0125C9ADB00DF95D4855DEFFB5FB08710F94A01AE504BB341C7B59A48CBA9
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • QueryPerformanceCounter.KERNEL32(000000FF,00E86F40,00000002,00000001,000000FF,00000000,0000008C,?,00EAD838), ref: 00E44396
                                      • GetTickCount.KERNEL32 ref: 00E4439E
                                      • ResetEvent.KERNEL32(?), ref: 00E443AE
                                      • QueryPerformanceCounter.KERNEL32(?), ref: 00E44401
                                      • GetTickCount.KERNEL32 ref: 00E4440F
                                      • __alldvrm.LIBCMT ref: 00E44480
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E444A8
                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E444CD
                                        • Part of subcall function 00E446F7: GetTickCount.KERNEL32 ref: 00E4470B
                                        • Part of subcall function 00E446F7: GetTickCount.KERNEL32 ref: 00E44737
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: CountTick$CounterPerformanceQueryUnothrow_t@std@@@__ehfuncinfo$??2@$EventReset__alldvrm
                                      • String ID:
                                      • API String ID: 3317835756-0
                                      • Opcode ID: 41cfd88634595a14ee8418ab40ffc158ff98701789c306561dc19fa1fa7c9a4b
                                      • Instruction ID: 0a7ebe2aff637c05142da0b048c8e0eff1e54559db358f0295d00fc0f5bf59dc
                                      • Opcode Fuzzy Hash: 41cfd88634595a14ee8418ab40ffc158ff98701789c306561dc19fa1fa7c9a4b
                                      • Instruction Fuzzy Hash: C05179B1A002049FDF14CFA9D884B9E7BF9EF88714F1481A9E808EB295D734DD41CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                        • Part of subcall function 00DE77F0: GetLastError.KERNEL32(7B1078F4,?,00000000), ref: 00DE7834
                                        • Part of subcall function 00DE77F0: SetLastError.KERNEL32(00000000,?,?,00000000), ref: 00DE7906
                                      • GetLastError.KERNEL32(?,?,000000FF,?,00000001,00000000,?,00000001,7B1078F4), ref: 00DE738F
                                      • SysFreeString.OLEAUT32(?), ref: 00DE73A5
                                      • SysFreeString.OLEAUT32(?), ref: 00DE73B4
                                      • SetLastError.KERNEL32(?), ref: 00DE73D8
                                      • GetLastError.KERNEL32 ref: 00DE73E7
                                      • SysFreeString.OLEAUT32(?), ref: 00DE73FD
                                      • SysFreeString.OLEAUT32(?), ref: 00DE740C
                                      • SetLastError.KERNEL32(?), ref: 00DE7430
                                        • Part of subcall function 00DE7CB0: GetLastError.KERNEL32(?,00000001,7B1078F4,?), ref: 00DE7D10
                                        • Part of subcall function 00DE7CB0: SetLastError.KERNEL32(?,?,00000001,7B1078F4,?), ref: 00DE7D47
                                        • Part of subcall function 00DE7460: GetLastError.KERNEL32(7B1078F4,?,?,?,?,00E698DD,000000FF,?,00DE6F22,?,00000000,00000002), ref: 00DE7497
                                        • Part of subcall function 00DE7460: SetLastError.KERNEL32(?,?,00000000,?,?,?,00E698DD,000000FF,?,00DE6F22,?,00000000,00000002), ref: 00DE7508
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$FreeString
                                      • String ID:
                                      • API String ID: 2425351278-0
                                      • Opcode ID: 6fee666466fc7057c1167f5c809467f5718b3f4eba610f469148db41a3641926
                                      • Instruction ID: 85de2efca537d4185ddb5ccba161e922a76762e4a03d590c5b31c48728b654fe
                                      • Opcode Fuzzy Hash: 6fee666466fc7057c1167f5c809467f5718b3f4eba610f469148db41a3641926
                                      • Instruction Fuzzy Hash: 59514731900248EFDF15EFA9DC49BADBBB5FF04308F544069E516A72A1DB71A909CB60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetDC.USER32(00000000), ref: 00E4D661
                                      • SelectPalette.GDI32(00000000,?,00000000), ref: 00E4D67E
                                      • RealizePalette.GDI32(?), ref: 00E4D693
                                      • CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 00E4D6B0
                                      • SelectPalette.GDI32(00000000,00000000,00000000), ref: 00E4D6BC
                                      • ReleaseDC.USER32(00000000,00000000), ref: 00E4D6C5
                                      • CreateDIBitmap.GDI32(00000000,?,00000004,00000000,?,00000000), ref: 00E4D6DF
                                      • ReleaseDC.USER32(00000000,?), ref: 00E4D6ED
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: Palette$BitmapCreateReleaseSelect$Realize
                                      • String ID:
                                      • API String ID: 3028357666-0
                                      • Opcode ID: 611cdb624d8f1a8c38898e6daa738eec8ca801264be26ffb04c60c5c5f0fd1ab
                                      • Instruction ID: 4d83c4438693c97d5bc776bcd62474fa383f62ec1f66f2fc97382dddd90f2aac
                                      • Opcode Fuzzy Hash: 611cdb624d8f1a8c38898e6daa738eec8ca801264be26ffb04c60c5c5f0fd1ab
                                      • Instruction Fuzzy Hash: 1231B671604204EFE7108F69EC88BA6BBB8FB08315F544195FA0DEB290C775EC54CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_catch_GS.LIBCMT ref: 00E1B69C
                                      • LoadLibraryExW.KERNEL32(?,00000000,00000060,00000424,00E1C0DF,?,00000000,?,00000000,00000004,00E1C6B9,?,?,?,REGISTRY,?), ref: 00E1B6DB
                                      • LoadLibraryExW.KERNEL32(?,00000000,00000002), ref: 00E1B6F1
                                      • FindResourceW.KERNEL32(00000000,?,?), ref: 00E1B71C
                                      • LoadResource.KERNEL32(00000000,00000000), ref: 00E1B734
                                      • SizeofResource.KERNEL32(00000000,00000000), ref: 00E1B746
                                        • Part of subcall function 00E1AC90: GetLastError.KERNEL32(00E1B72D), ref: 00E1AC90
                                      • FreeLibrary.KERNEL32(00000000), ref: 00E1B7EA
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: LibraryLoadResource$ErrorFindFreeH_prolog3_catch_LastSizeof
                                      • String ID:
                                      • API String ID: 1818814483-0
                                      • Opcode ID: 7646562cb5af80c78cdd506960f749f415a92f36002ab08fa92373e21defcfa2
                                      • Instruction ID: fd78bd6cb1d3a5d723e0702e68b2b44f0143202a97976799d759d9f066d7abe9
                                      • Opcode Fuzzy Hash: 7646562cb5af80c78cdd506960f749f415a92f36002ab08fa92373e21defcfa2
                                      • Instruction Fuzzy Hash: 26417EB19016299FCB229F158C84BEDBAB5AF48350F5091E9F509B7291DB304EC4CFA9
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00E34D8E
                                        • Part of subcall function 00DF0809: __EH_prolog3.LIBCMT ref: 00DF0810
                                        • Part of subcall function 00E3C4A5: __EH_prolog3_GS.LIBCMT ref: 00E3C4AF
                                      • LoadImageW.USER32(00000000,?,00000000,00000000,00000000,00000010), ref: 00E34DE4
                                      • GetDC.USER32(00000000), ref: 00E34E15
                                      • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00E34E20
                                      • GetDeviceCaps.GDI32(00000000,0000000E), ref: 00E34E2B
                                      • ReleaseDC.USER32(00000000,00000000), ref: 00E34E37
                                      • CreateDialogParamW.USER32(?,0000006C,00000000,Function_00054EA0,00000000), ref: 00E34E63
                                      • SetForegroundWindow.USER32(00000000), ref: 00E34E6D
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: CapsDeviceH_prolog3$CreateDialogForegroundH_prolog3_ImageLoadParamReleaseWindow
                                      • String ID:
                                      • API String ID: 2034763720-0
                                      • Opcode ID: 83d896d38ff9da61d299f492959987af17c6056c1c4341715a9b7ccf1550a61a
                                      • Instruction ID: 774486be823ca67ad3822e013b3883b9e6f8d3ff475484cc376eb2aa86cfed6b
                                      • Opcode Fuzzy Hash: 83d896d38ff9da61d299f492959987af17c6056c1c4341715a9b7ccf1550a61a
                                      • Instruction Fuzzy Hash: 62319175600204EFDB10AF66DD49EAE7FBCFB44715F009129F855BB2A1DB709904CB61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DFCFA9
                                      • CreateCompatibleDC.GDI32(?), ref: 00DFCFBE
                                      • SelectObject.GDI32(00000000,?), ref: 00DFCFD2
                                      • SetStretchBltMode.GDI32(?,00000004), ref: 00DFD003
                                      • StretchBlt.GDI32(?,?,?,?,?,00000000,?,?,?,?,00CC0020), ref: 00DFD02F
                                      • SetStretchBltMode.GDI32(?,00000000), ref: 00DFD039
                                      • BitBlt.GDI32(?,?,?,?,?,00000000,00000000,00000000,00CC0020), ref: 00DFD054
                                      • DeleteDC.GDI32(00000000), ref: 00DFD06B
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: Stretch$Mode$CompatibleCreateDeleteH_prolog3ObjectSelect
                                      • String ID:
                                      • API String ID: 803813769-0
                                      • Opcode ID: 1902afcbc852dd77ee530ecc2e76f90b31eb5b136332c37b0d0564f9342a1cce
                                      • Instruction ID: 59941e01f3423f723b4b12b3c9b6c501f6482418f17d5afb1829e140725ca261
                                      • Opcode Fuzzy Hash: 1902afcbc852dd77ee530ecc2e76f90b31eb5b136332c37b0d0564f9342a1cce
                                      • Instruction Fuzzy Hash: 9E212C32500209EFCF118F55DC44DAE7F76FF49720F158219FA29AA1A1CB718961EFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • BeginPaint.USER32(?,?,?), ref: 00E4C0CA
                                      • CreateSolidBrush.GDI32(?), ref: 00E4C0DA
                                      • GetClientRect.USER32(?,?), ref: 00E4C0EA
                                      • FillRect.USER32(?,?,00000000), ref: 00E4C0FC
                                      • DeleteObject.GDI32(00000000), ref: 00E4C10C
                                      • FillRect.USER32(?,?,00000000), ref: 00E4C11A
                                      • EnumChildWindows.USER32(?,Function_0006B4E0,?), ref: 00E4C146
                                      • EndPaint.USER32(?,?), ref: 00E4C153
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: Rect$FillPaint$BeginBrushChildClientCreateDeleteEnumObjectSolidWindows
                                      • String ID:
                                      • API String ID: 1266019194-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • wsprintfW.USER32 ref: 00DFB01E
                                      • GetLastError.KERNEL32(?,?,80400100), ref: 00DFB0F6
                                      Strings
                                      Similarity
                                      • API ID: ErrorLastwsprintf
                                      • String ID: Referer: %s$dwplayer
                                      • API String ID: 2587402804-1303060843
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                        • Part of subcall function 00E1B055: CharNextW.USER32(00000000,?,00000000,00000000,?,?,00000001), ref: 00E1B08D
                                        • Part of subcall function 00E1B055: CharNextW.USER32(00000000,?,00000000,00000000,?,?,00000001), ref: 00E1B0B2
                                        • Part of subcall function 00E1B055: CharNextW.USER32(00000000,?,00000000,00000000,?,?,00000001), ref: 00E1B0C0
                                        • Part of subcall function 00E1C6C4: lstrcmpiW.KERNEL32(00E96580,00E96580), ref: 00E1C6CF
                                      • _wcslen.LIBCMT ref: 00E1A81D
                                      • CharNextW.USER32(?,-00000002,?,?,7B1078F4,?,00000000,?,?,?,00E78DFF,000000FF,?,00E1BA86,?,?), ref: 00E1A878
                                      • CharNextW.USER32(00000000,?,00E1BA86,?,?,?,?,?), ref: 00E1A892
                                      Similarity
                                      • API ID: CharNext$_wcslenlstrcmpi
                                      • String ID:
                                      • API String ID: 1203703895-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E42DAA
                                        • Part of subcall function 00DF56A6: __EH_prolog3_catch.LIBCMT ref: 00DF56AD
                                      • GetLastError.KERNEL32 ref: 00E430CA
                                      Strings
                                      Similarity
                                      • API ID: ErrorH_prolog3_H_prolog3_catchLast
                                      • String ID: 0$Hg$Pg$Pg
                                      • API String ID: 3399774530-2371116685
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E4237A
                                        • Part of subcall function 00DF0617: __EH_prolog3.LIBCMT ref: 00DF061E
                                        • Part of subcall function 00DF0617: GetLastError.KERNEL32(00000004,00DF0837,?,00000000,00000004,00DFB8B4,?,00000001,0000006C,00DFC2A9,?,?,.ini,Hg,%ld,?), ref: 00DF0640
                                        • Part of subcall function 00DF0617: SetLastError.KERNEL32(?,?), ref: 00DF0678
                                        • Part of subcall function 00E41F24: __EH_prolog3_GS.LIBCMT ref: 00E41F2B
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3_$H_prolog3
                                      • String ID: Hg$Hg$Pg$Pg$Pg
                                      • API String ID: 532146472-2668264881
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E0CB06
                                      • lstrcpyW.KERNEL32(?,00E965D4), ref: 00E0CB7A
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Similarity
                                      • API ID: ErrorFreeLastString$H_prolog3_lstrcpy
                                      • String ID: Hg$Hg$Pg$SELECT * FROM `Property` WHERE `Property`='ProductVersion'
                                      • API String ID: 1277061545-3423003307
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E3CA44
                                        • Part of subcall function 00DF4217: __EH_prolog3_GS.LIBCMT ref: 00DF421E
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                      • GetLastError.KERNEL32 ref: 00E3CB42
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$FreeH_prolog3_String
                                      • String ID: Hg$Pg$Pg$P
                                      • API String ID: 2608676048-78752755
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E157B8
                                        • Part of subcall function 00DFC203: __EH_prolog3_GS.LIBCMT ref: 00DFC20D
                                        • Part of subcall function 00E0463A: __EH_prolog3.LIBCMT ref: 00E04641
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      • SHBrowseForFolderW.SHELL32(?), ref: 00E15897
                                      • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00E158AF
                                      • SHGetMalloc.SHELL32(?), ref: 00E158BC
                                      Strings
                                      Similarity
                                      • API ID: ErrorFreeH_prolog3_LastString$BrowseFolderFromH_prolog3ListMallocPath
                                      • String ID: Hg$Pg
                                      • API String ID: 4025082711-3911212948
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E0CDEE
                                        • Part of subcall function 00DF3FA5: _wcslen.LIBCMT ref: 00DF3FCD
                                        • Part of subcall function 00E16094: __EH_prolog3_GS.LIBCMT ref: 00E1609B
                                        • Part of subcall function 00DF5510: __EH_prolog3_GS.LIBCMT ref: 00DF5517
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Similarity
                                      • API ID: H_prolog3_$ErrorFreeLastString$_wcslen
                                      • String ID: TRANSFORMS="$.mst$.mst"$TRANSFORMS=$TRANSFORMS="
                                      • API String ID: 3223037290-3238450747
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • PlayMetaFile.GDI32(?,?), ref: 00E4DE09
                                      • DeleteDC.GDI32(00000000), ref: 00E4DE10
                                      • RestoreDC.GDI32(?,?), ref: 00E4DE1A
                                      • GetTickCount.KERNEL32 ref: 00E4E28F
                                      • BitBlt.GDI32(?,?,?,00000004,?,?,00000000,00000000,00CC0020), ref: 00E4E2CA
                                      • BitBlt.GDI32(?,?,?,00000004,?,?,00000000,00000000,00CC0020), ref: 00E4E2F3
                                      • GetTickCount.KERNEL32 ref: 00E4E310
                                      Similarity
                                      • API ID: CountTick$DeleteFileMetaPlayRestore
                                      • String ID:
                                      • API String ID: 718445662-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E380DD
                                        • Part of subcall function 00DE6B40: GetLastError.KERNEL32(7B1078F4), ref: 00DE6B91
                                        • Part of subcall function 00DE6B40: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE6C0A
                                      • CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000001,00000020,00000000,00000000,?,?), ref: 00E38199
                                      • WaitForInputIdle.USER32(?,000003E8), ref: 00E381D4
                                      Strings
                                      • Launch result %d, xrefs: 00E381B3
                                      • C:\CodeBases\isdev\Src\Runtime\MSI\Shared\Setup\utils.cpp, xrefs: 00E3813D
                                      • Attempting to launch (no wait): %s, xrefs: 00E38154
                                      Similarity
                                      • API ID: ErrorLast$CreateH_prolog3_IdleInputProcessWait
                                      • String ID: Attempting to launch (no wait): %s$C:\CodeBases\isdev\Src\Runtime\MSI\Shared\Setup\utils.cpp$Launch result %d
                                      • API String ID: 3799299985-1553505847
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: H_prolog3_
                                      • String ID: @o$C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}$Hg$Ho$Pg
                                      • API String ID: 2427045233-1904150006
                                      • Opcode ID: af3e0a378202137070062360da1be604b37c333dcaf05e16e7aa2277f8566e91
                                      • Instruction ID: 64c17aae9a43c0e2a3efa50241cc23c1654acd9e9278cb23778e5d3dc12faa39
                                      • Opcode Fuzzy Hash: af3e0a378202137070062360da1be604b37c333dcaf05e16e7aa2277f8566e91
                                      • Instruction Fuzzy Hash: 42418030901258EBDB20EBA0CD96FEDBBB5BF01304F249199E545B72C2DB709A49CB61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32(7B1078F4), ref: 00E474C5
                                      • SetLastError.KERNEL32(Pg,00E965D4,00E965D2), ref: 00E47538
                                      • GetLastError.KERNEL32(00000000,?), ref: 00E4756A
                                      • SetLastError.KERNEL32(?,?), ref: 00E475A2
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast
                                      • String ID: Hg$Pg$Pg
                                      • API String ID: 1452528299-4254811255
                                      • Opcode ID: 5bc0d0d69f8acb526ddde579094fd1cee6b5b85abd09aa51a2392f059f782d21
                                      • Instruction ID: acc4c591ef2aad76bfccccfd09d7b6dd5a6224cbb04aa4f32eef5e44a6165b03
                                      • Opcode Fuzzy Hash: 5bc0d0d69f8acb526ddde579094fd1cee6b5b85abd09aa51a2392f059f782d21
                                      • Instruction Fuzzy Hash: 364149B1900609EFCB04DF95D999B9EBBF4FF48318F10811AE809AB750DB34A904CF90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • PlayMetaFile.GDI32(?,?), ref: 00E4DE09
                                      • DeleteDC.GDI32(00000000), ref: 00E4DE10
                                      • RestoreDC.GDI32(?,?), ref: 00E4DE1A
                                      • GetTickCount.KERNEL32 ref: 00E4E37E
                                      • BitBlt.GDI32(?,?,?,?,00000002,?,00000000,00000000,00CC0020), ref: 00E4E3BA
                                      • BitBlt.GDI32(?,?,?,?,00000002,?,00000000,00000000,00CC0020), ref: 00E4E3E3
                                      • GetTickCount.KERNEL32 ref: 00E4E400
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: CountTick$DeleteFileMetaPlayRestore
                                      • String ID:
                                      • API String ID: 718445662-0
                                      • Opcode ID: b199a3100b569891505d8a8cbb2284d6741b011177ae3b6e9f86f6483b2f1205
                                      • Instruction ID: 1ac47a17078483670c018882870dc3931ce88cd04b1c9dad704812005c858e06
                                      • Opcode Fuzzy Hash: b199a3100b569891505d8a8cbb2284d6741b011177ae3b6e9f86f6483b2f1205
                                      • Instruction Fuzzy Hash: C8319872A00609EFDB16CF94DC8ABEEBBB5FF44304F244069E505BA291DB71A944CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,7B1078F4,?,?), ref: 00E4D32E
                                      • CreateFileMappingW.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000000,?,?), ref: 00E4D346
                                      • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000,?,?), ref: 00E4D35E
                                      • GetFileSize.KERNEL32(00000000,00000000,?,?,?), ref: 00E4D374
                                      • UnmapViewOfFile.KERNEL32(?,?,00000000,?,?), ref: 00E4D394
                                      • CloseHandle.KERNEL32(00000000,?,?), ref: 00E4D3AC
                                      • CloseHandle.KERNEL32(?,?,?), ref: 00E4D3C1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: File$CloseCreateHandleView$MappingSizeUnmap
                                      • String ID:
                                      • API String ID: 1223616889-0
                                      • Opcode ID: 2831ee72dcef70da9d7881475fdc4bda079f504ceca363490c47c10150075fd6
                                      • Instruction ID: fb3bed16186fb84f44b62f9c15bc0c921f25eb0b9dd13ca0208fbae445b8bec1
                                      • Opcode Fuzzy Hash: 2831ee72dcef70da9d7881475fdc4bda079f504ceca363490c47c10150075fd6
                                      • Instruction Fuzzy Hash: 0A31A572645A04BFE7229F66DC49FAFBBB8EB45B14F104119F914B72D0CB709904CB61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: H_prolog3_
                                      • String ID: @o$C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}$Hg$Ho$Pg
                                      • API String ID: 2427045233-1904150006
                                      • Opcode ID: fa72065a4f6a34647a46291c480727a4042200029a1a69878465345f63cd1921
                                      • Instruction ID: a743b57a7058e7d385d4f866ff4f672d2f9d25dfcaf822c6115b4a572eac6277
                                      • Opcode Fuzzy Hash: fa72065a4f6a34647a46291c480727a4042200029a1a69878465345f63cd1921
                                      • Instruction Fuzzy Hash: AA316F30911258EBDB20EBA0DD96FEDBBB5FF01304F508199E505B72C2DB706A49CB61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E3D6C5
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                        • Part of subcall function 00DF0617: __EH_prolog3.LIBCMT ref: 00DF061E
                                        • Part of subcall function 00DF0617: GetLastError.KERNEL32(00000004,00DF0837,?,00000000,00000004,00DFB8B4,?,00000001,0000006C,00DFC2A9,?,?,.ini,Hg,%ld,?), ref: 00DF0640
                                        • Part of subcall function 00DF0617: SetLastError.KERNEL32(?,?), ref: 00DF0678
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3H_prolog3_
                                      • String ID: Hg$InstalledProductName$Pg$Pg$Pg
                                      • API String ID: 852442433-1767260968
                                      • Opcode ID: 54cd28fae8b15ac5e53ff945b69fcad536aaa7930c067e177dbf655d1fe0e78d
                                      • Instruction ID: 71b7d7fb2a53fd2549fdb5def1346af046638a2ec2604b3c0997201529b1053c
                                      • Opcode Fuzzy Hash: 54cd28fae8b15ac5e53ff945b69fcad536aaa7930c067e177dbf655d1fe0e78d
                                      • Instruction Fuzzy Hash: 0E31E274D0425CDBDF10EFE4C8859EDBBB8BF58308F64825AE505B7242DBB06A49CB61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 00DE4B74
                                      • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 00DE4B92
                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,00000000), ref: 00DE4BCB
                                      • RegCloseKey.ADVAPI32(00000000), ref: 00DE4BDE
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: AddressCloseHandleModuleOpenProc
                                      • String ID: Advapi32.dll$RegOpenKeyTransactedW
                                      • API String ID: 823179699-3913318428
                                      • Opcode ID: cfbd41ad836028c2432213f2c0bd9212a02680a17c69552998578c38735cdd93
                                      • Instruction ID: e7f6bfeac65811e339f8b8343aa83526c7984c3b538e7ccd17a4d3273af4c60d
                                      • Opcode Fuzzy Hash: cfbd41ad836028c2432213f2c0bd9212a02680a17c69552998578c38735cdd93
                                      • Instruction Fuzzy Hash: 0E115172700205EFDF209F5ADC45F5ABBA8EF44751F1480A9F908E7150DB71E950D7A0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32 ref: 00E494AA
                                      • SetLastError.KERNEL32(?,?), ref: 00E494E4
                                      • GetDlgItem.USER32(?,?), ref: 00E49529
                                      • DrawIcon.USER32(?,0AAAAAAA,?,?), ref: 00E49544
                                      • DeleteObject.GDI32(?), ref: 00E4959C
                                      • DeleteDC.GDI32(?), ref: 00E495A8
                                      • SetPropW.USER32(?,PROP_PSKIN,00000000), ref: 00E495B6
                                      • SetWindowLongW.USER32(?,000000FC,00E49620), ref: 00E495C5
                                      • InvalidateRect.USER32(?,00000000,00000000), ref: 00E495D7
                                      • UpdateWindow.USER32(?), ref: 00E495DF
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: DeleteErrorLastWindow$DrawIconInvalidateItemLongObjectPropRectUpdate
                                      • String ID: ALL$Pg
                                      • API String ID: 3542502600-2761254607
                                      • Opcode ID: c479e84a0ff03d0a7fc88c906b345930b09b0ed1201a23da3b088d30b6e9907f
                                      • Instruction ID: 574f6c8b74b99b8133c48c12a0b6182c639b982fe5094a5edb8b89dd1cb969c0
                                      • Opcode Fuzzy Hash: c479e84a0ff03d0a7fc88c906b345930b09b0ed1201a23da3b088d30b6e9907f
                                      • Instruction Fuzzy Hash: DE318C71900601DFDB22DF65D848B9ABBF2BF04308F1990A4E84DBB662D734ED54CBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E033F2
                                      • IsWindow.USER32(?), ref: 00E0340E
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                      • SendMessageW.USER32(?,00001074,?,?), ref: 00E034B8
                                      • SendMessageW.USER32(?,0000101E,00000000,000000FE), ref: 00E034C7
                                        • Part of subcall function 00DFC203: __EH_prolog3_GS.LIBCMT ref: 00DFC20D
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$FreeH_prolog3_MessageSendString$Window
                                      • String ID: Hg$Pg
                                      • API String ID: 2791905285-3911212948
                                      • Opcode ID: 05fe3bfd349809cdec2c17a59479c6c6035bf5db275ec1f84b72202fcad8b186
                                      • Instruction ID: 2a02a7e9291847c3c5458da2ad192b43389e7fb569b05351a886452073abf5c8
                                      • Opcode Fuzzy Hash: 05fe3bfd349809cdec2c17a59479c6c6035bf5db275ec1f84b72202fcad8b186
                                      • Instruction Fuzzy Hash: 74218D71D0021CEFDB21DFA4D885ADEBBB8FF55314F20415AE856B7291DB709A88CB60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                        • Part of subcall function 00E633D8: _free.LIBCMT ref: 00E63401
                                      • _free.LIBCMT ref: 00E63462
                                        • Part of subcall function 00E5FB45: HeapFree.KERNEL32(00000000,00000000,?,00E63406,?,00000000,?,00000000,?,00E6342D,?,00000007,?,?,00E6388F,?), ref: 00E5FB5B
                                        • Part of subcall function 00E5FB45: GetLastError.KERNEL32(?,?,00E63406,?,00000000,?,00000000,?,00E6342D,?,00000007,?,?,00E6388F,?,?), ref: 00E5FB6D
                                      • _free.LIBCMT ref: 00E6346D
                                      • _free.LIBCMT ref: 00E63478
                                      • _free.LIBCMT ref: 00E634CC
                                      • _free.LIBCMT ref: 00E634D7
                                      • _free.LIBCMT ref: 00E634E2
                                      • _free.LIBCMT ref: 00E634ED
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: _free$ErrorFreeHeapLast
                                      • String ID:
                                      • API String ID: 776569668-0
                                      • Opcode ID: 48ba9acc963dff26dd2bdc44dff5922f815acc95d0929ba5aedbc363dedc6592
                                      • Instruction ID: 2fd12fd300d3bf7db1c99a85bb4e0e0b540d97b53ee7c8751189a81ea5322b4e
                                      • Opcode Fuzzy Hash: 48ba9acc963dff26dd2bdc44dff5922f815acc95d0929ba5aedbc363dedc6592
                                      • Instruction Fuzzy Hash: 6F1181716C0B04FAD961BBB0DC0BFCBB7DD5F00742F406C24B6A97A152DEA4B6058750
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Strings
                                      • Hg, xrefs: 00E1EB26
                                      • Extracting setup.ini..., xrefs: 00E1EB51
                                      • Pg, xrefs: 00E1EB2C
                                      • C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}, xrefs: 00E1EBC4
                                      • C:\CodeBases\isdev\Src\Runtime\MSI\Shared\Setup\session.cpp, xrefs: 00E1EB34
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: H_prolog3_
                                      • String ID: C:\CodeBases\isdev\Src\Runtime\MSI\Shared\Setup\session.cpp$C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}$Extracting setup.ini...$Hg$Pg
                                      • API String ID: 2427045233-1939126042
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E093DD
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                        • Part of subcall function 00E202A8: __EH_prolog3_GS.LIBCMT ref: 00E202AF
                                      • GetTickCount.KERNEL32 ref: 00E09473
                                        • Part of subcall function 00E09388: GetTickCount.KERNEL32 ref: 00E093A3
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$CountFreeH_prolog3_StringTick
                                      • String ID: Hg$Pg$SplashTime$Startup
                                      • API String ID: 3850339018-3519328443
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E1F237
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                        • Part of subcall function 00E1F8BC: __EH_prolog3_GS.LIBCMT ref: 00E1F8C6
                                        • Part of subcall function 00E1FA16: __EH_prolog3_catch.LIBCMT ref: 00E1FA1D
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$FreeH_prolog3_String$H_prolog3_catch
                                      • String ID: Hg$Hg$Pg$Pg$ProductLanguage
                                      • API String ID: 2885938503-2688384015
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Strings
                                      Similarity
                                      • API ID: H_prolog3_
                                      • String ID: This setup was created with a BETA VERSION of %s$ This setup was created with a EVALUATION VERSION of %s$Hg$Hg$Pg
                                      • API String ID: 2427045233-1436005470
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • CharNextW.USER32(?,00000001,?,C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}), ref: 00E38980
                                      • lstrcpyW.KERNEL32(?,00000000), ref: 00E3898E
                                      • CharNextW.USER32(?), ref: 00E389A4
                                      • CharPrevW.USER32(?,?), ref: 00E389B7
                                      • lstrcpyW.KERNEL32(?,?), ref: 00E389D0
                                      Strings
                                      • C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}, xrefs: 00E3895A
                                      Similarity
                                      • API ID: Char$Nextlstrcpy$Prev
                                      • String ID: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}
                                      • API String ID: 1912086007-1381452643
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetModuleHandleW.KERNEL32(KERNEL32.DLL,00000000,?,00E38D8E,00E38CF1,00E3903C,00000100,?,-00000004,?,?,?,00E12E96,msi.dll,Hg,?), ref: 00E38D2A
                                      • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00E38D40
                                      • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00E38D55
                                      Strings
                                      Similarity
                                      • API ID: AddressProc$HandleModule
                                      • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                      • API String ID: 667068680-1718035505
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DFA649
                                      • GetLastError.KERNEL32(00000004,00DFAB5E,?,00000000,00000004,00DFB1C7,?,00000001), ref: 00DFA66D
                                      • SetLastError.KERNEL32(?), ref: 00DFA698
                                      • SetLastError.KERNEL32(00000000), ref: 00DFA6C0
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: `y$hy
                                      • API String ID: 3502553090-3448722358
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetModuleHandleW.KERNEL32(KERNEL32), ref: 00DEEE7D
                                      • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00DEEE8B
                                      • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 00DEEEAC
                                      Strings
                                      Similarity
                                      • API ID: AddressProc$HandleModule
                                      • String ID: KERNEL32$SetDllDirectoryW$SetSearchPathMode
                                      • API String ID: 667068680-4129897381
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E2CE04
                                        • Part of subcall function 00DE77F0: GetLastError.KERNEL32(7B1078F4,?,00000000), ref: 00DE7834
                                        • Part of subcall function 00DE77F0: SetLastError.KERNEL32(00000000,?,?,00000000), ref: 00DE7906
                                      • GetModuleHandleW.KERNEL32(?,?,00000001), ref: 00E2CFD8
                                        • Part of subcall function 00DE77F0: SysAllocStringLen.OLEAUT32(00000000,?), ref: 00DE78C0
                                      • CopyFileW.KERNEL32(?,00000004,00000000,?), ref: 00E2D161
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                        • Part of subcall function 00E2F2E3: __EH_prolog3.LIBCMT ref: 00E2F2EA
                                        • Part of subcall function 00E2F314: __EH_prolog3_GS.LIBCMT ref: 00E2F31E
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$String$FreeH_prolog3_$AllocCopyFileH_prolog3HandleModule
                                      • String ID: %$Pg
                                      • API String ID: 942554656-1980064975
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • lstrlenW.KERNEL32(?,00000004,?,00000000,?,?,?,00E0B6F7,?), ref: 00E374F1
                                      • lstrcpyW.KERNEL32(00000000,?), ref: 00E37514
                                      • lstrcatW.KERNEL32(00000000,00E86F30), ref: 00E37520
                                      • lstrlenW.KERNEL32(00000000,?,?,?,00E0B6F7,?), ref: 00E37529
                                      • CreateDirectoryW.KERNEL32(00000000,00000000,?,?,?,00E0B6F7,?), ref: 00E37547
                                      • GetLastError.KERNEL32(?,?,?,00E0B6F7,?), ref: 00E37551
                                      Similarity
                                      • API ID: lstrlen$CreateDirectoryErrorLastlstrcatlstrcpy
                                      • String ID:
                                      • API String ID: 4043630017-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32(00000000,00000000,00E52971,00E5206D,?,?,00E08522,00E08470,00E1FA2C,00000030,00E1F2B4,00000000,?,Hg,?), ref: 00E52988
                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00E52996
                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00E529AF
                                      • SetLastError.KERNEL32(00000000,?,00E08522,00E08470,00E1FA2C,00000030,00E1F2B4,00000000,?,Hg,?,?,?,?,?,ProductLanguage), ref: 00E52A01
                                      Similarity
                                      • API ID: ErrorLastValue___vcrt_
                                      • String ID:
                                      • API String ID: 3852720340-0
                                      • Opcode ID: 95770e759ead4af6daf324bf3f6906683cf7deeb7626c277e78c4658028dec86
                                      • Instruction ID: 6880dd681bc09cb4c9c6fdb7b5f1ba54d275fc7b78b9c98c8c6fde9593b80e08
                                      • Opcode Fuzzy Hash: 95770e759ead4af6daf324bf3f6906683cf7deeb7626c277e78c4658028dec86
                                      • Instruction Fuzzy Hash: AB01DD3310E7116DB66516767C8A5572784FB437767301B3DFF24751E1EE524D0C9244
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E01678
                                      • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00E0168D
                                      • CloseHandle.KERNEL32(?), ref: 00E01699
                                      Similarity
                                      • API ID: CloseHandleMessageMultipleObjectsPeekWait
                                      • String ID:
                                      • API String ID: 2837130844-0
                                      • Opcode ID: 55b47199dfb2f5a3bee547ad99bfe324c8c81ab73deabfecdebdb1f34dd39b43
                                      • Instruction ID: 25d1e9e68b816a55a6c18010b71a51cf5121d0e8bcedd3f2c32bdc05f2a53d00
                                      • Opcode Fuzzy Hash: 55b47199dfb2f5a3bee547ad99bfe324c8c81ab73deabfecdebdb1f34dd39b43
                                      • Instruction Fuzzy Hash: 0311A97260020AAFDB105FA5AC48AEABBADEF10399F144569F155B60D0DB728888CB51
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32(00DE75DB,?,00E54533,?,Hg,?,00E566FE,00DE75DB,?,?,00DE75DB,?), ref: 00E60479
                                      • _free.LIBCMT ref: 00E604AC
                                      • _free.LIBCMT ref: 00E604D4
                                      • SetLastError.KERNEL32(00000000,00DE75DB,?,?,00DE75DB,?), ref: 00E604E1
                                      • SetLastError.KERNEL32(00000000,00DE75DB,?,?,00DE75DB,?), ref: 00E604ED
                                      • _abort.LIBCMT ref: 00E604F3
                                      Similarity
                                      • API ID: ErrorLast$_free$_abort
                                      • String ID:
                                      • API String ID: 3160817290-0
                                      • Opcode ID: 78bf41e7229cfe26215d64b561d6a8fd0eb57d511e299da819d0c43f1c9e6db1
                                      • Instruction ID: 615155af08c99639c8fb3f5f0735d20eda7645e47904756b582b4a80b867332f
                                      • Opcode Fuzzy Hash: 78bf41e7229cfe26215d64b561d6a8fd0eb57d511e299da819d0c43f1c9e6db1
                                      • Instruction Fuzzy Hash: BCF0A9361C5E11ABC6773365BC0AB6F1AAA9FC17F5B246924FA38B2192EF6088064110
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetDlgItem.USER32(00000000,00000000), ref: 00E18EA5
                                      • EnableWindow.USER32(00000000), ref: 00E18EAC
                                      • GetDlgItem.USER32(00000000,00000001), ref: 00E18EC3
                                      • EnableWindow.USER32(00000000), ref: 00E18ECA
                                      • GetDlgItem.USER32(00000000), ref: 00E18ED9
                                      • SetFocus.USER32(00000000), ref: 00E18EE0
                                      Similarity
                                      • API ID: Item$EnableWindow$Focus
                                      • String ID:
                                      • API String ID: 864471436-0
                                      • Opcode ID: 46895729059bdcf331e8d2df8bd4b7c50f6c2bf7abe9780a98ffd94b12e8f8b7
                                      • Instruction ID: 5c7eb4221153acf302a9169ba97ac8adc3bec8150141bd2300deeac3e2c702ea
                                      • Opcode Fuzzy Hash: 46895729059bdcf331e8d2df8bd4b7c50f6c2bf7abe9780a98ffd94b12e8f8b7
                                      • Instruction Fuzzy Hash: 61F06236405649EFCB119FA2FD0CBAA3B6ABB0830AF584515F61A74071CB7598A8EB50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E16E10
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                        • Part of subcall function 00E1768B: __EH_prolog3.LIBCMT ref: 00E17692
                                        • Part of subcall function 00E21470: __EH_prolog3_catch_GS.LIBCMT ref: 00E2147A
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                        • Part of subcall function 00DF5A0F: __EH_prolog3_GS.LIBCMT ref: 00DF5A16
                                        • Part of subcall function 00E1FCD9: __EH_prolog3_GS.LIBCMT ref: 00E1FCE0
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3_$FreeString$H_prolog3H_prolog3_catch_
                                      • String ID: Hg$Pg$ProductCode$UpgradeCode
                                      • API String ID: 3764184794-296150986
                                      • Opcode ID: ee87c743b60162525ae53dba660ac361ea763fd1372bc24e91f3058135de6776
                                      • Instruction ID: 897110c84e1974ba95e73f4fa9f11e7d441dad5fd5e638cfa2272a52578e5e91
                                      • Opcode Fuzzy Hash: ee87c743b60162525ae53dba660ac361ea763fd1372bc24e91f3058135de6776
                                      • Instruction Fuzzy Hash: 0781AC71905368DFDF24DB94C885BDDBBB9AF05304F1041DAE148B7281CB705E89CBA2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E07264
                                        • Part of subcall function 00E066F2: RegOpenKeyExW.ADVAPI32(80000001,Software\InstallShield\ISWI\7.0\SetupExeLog,00000000,00000001,?), ref: 00E0670C
                                        • Part of subcall function 00E066F2: RegQueryValueExW.ADVAPI32(?,SetupLogFileName,00000000,00000000,00EBAED8,?), ref: 00E06732
                                        • Part of subcall function 00E066F2: RegCloseKey.ADVAPI32(?), ref: 00E0674D
                                        • Part of subcall function 00E1CC7C: __EH_prolog3_GS.LIBCMT ref: 00E1CC86
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                      Strings
                                      Similarity
                                      • API ID: ErrorH_prolog3_Last$CloseOpenQueryValue
                                      • String ID: /f1$Hg$Pg$Setup.iss
                                      • API String ID: 1005202537-3534833689
                                      • Opcode ID: 3ad4fb2594825e69c85794af4660e064ec25111ec667f88edc785e98da84c9dc
                                      • Instruction ID: 4739ced3f1e29c6770f8c50c837fd19bea7e1afaedb7f2f63e1ba9d140b00e8f
                                      • Opcode Fuzzy Hash: 3ad4fb2594825e69c85794af4660e064ec25111ec667f88edc785e98da84c9dc
                                      • Instruction Fuzzy Hash: 4D918B70A05398DEDB10EB64C945BDDBBB4AF16304F1081D9E449B7682DB74AF84CF62
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetWindowDC.USER32(00000000), ref: 00E4D200
                                      • CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 00E4D218
                                      • DeleteObject.GDI32 ref: 00E4D238
                                      • ReleaseDC.USER32(00000000,00000000), ref: 00E4D246
                                      Strings
                                      Similarity
                                      • API ID: BitmapCreateDeleteObjectReleaseWindow
                                      • String ID: (
                                      • API String ID: 605900420-3887548279
                                      • Opcode ID: 29db8fdfbb52ac7e4b33c39d94ecab85701754ec243f24c42018dca157e5e48f
                                      • Instruction ID: 459a27a4a751c89a5efa0133e8022229edd75fbbc104480d382a1ec3775971b8
                                      • Opcode Fuzzy Hash: 29db8fdfbb52ac7e4b33c39d94ecab85701754ec243f24c42018dca157e5e48f
                                      • Instruction Fuzzy Hash: 947127B1E002189FDB24DFA5DC85BAEBBF4FF08304F104169E919BB282DB74A944CB50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Strings
                                      Similarity
                                      • API ID: H_prolog3_
                                      • String ID: Hg$Language$Pg$Pg
                                      • API String ID: 2427045233-875940938
                                      • Opcode ID: 287f1be556461378f116ee525ebf209d4cd0c7894242f000f142646a010d21b1
                                      • Instruction ID: cc3329f5348dd6c7760af692bfe7c5c4bc69830c263ec3771cce9dfa388d3a25
                                      • Opcode Fuzzy Hash: 287f1be556461378f116ee525ebf209d4cd0c7894242f000f142646a010d21b1
                                      • Instruction Fuzzy Hash: 73514870900268DFCF24DFA4D885AADBBB4FF65308F2451AEE115B7292DB309A45CF61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E18822
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00E188A2
                                      • SendMessageW.USER32(?,0000104D), ref: 00E188EB
                                        • Part of subcall function 00DFC203: __EH_prolog3_GS.LIBCMT ref: 00DFC20D
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$FreeH_prolog3_MessageSendString
                                      • String ID: Hg$Pg
                                      • API String ID: 2788794003-3911212948
                                      • Opcode ID: d93c688373d3669b47275ea149d711c26280d9d3d782982461491503941099c9
                                      • Instruction ID: 0d14f3ea3b2307ecbaf27e6e7719edabed50ab665d55beb1c2212d84a552b4b2
                                      • Opcode Fuzzy Hash: d93c688373d3669b47275ea149d711c26280d9d3d782982461491503941099c9
                                      • Instruction Fuzzy Hash: 23416D70900248EFEB24EBA5CD89FDEBBB8EF95304F10505DE145B7292DA709A44CF61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • MultiByteToWideChar.KERNEL32(?,00000000,CEE85006,00E5468A,00000000,00000000,00E54FE8,?,O,?,00000001,00E5468A,CEE85006,00000001,00E54FE8,00E54FE8), ref: 00E6358A
                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00E63613
                                      • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00E63625
                                      • __freea.LIBCMT ref: 00E6362E
                                        • Part of subcall function 00E5FB7F: RtlAllocateHeap.NTDLL(00000000,00E396AE,00DE8AA9,?,00E51FA0,00DE8AAB,00DE8AA9,00DE8AA9,00000000,?,00E395A5,00E396AE,00DE8AAD,00DE8AA9,00DE8AA9,00DE8AA9), ref: 00E5FBB1
                                      Strings
                                      Similarity
                                      • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                      • String ID: O
                                      • API String ID: 2652629310-3691759157
                                      • Opcode ID: 712fe054f183efdda89baf95c5ecce376c4ed2bd5f09da437a235e475a312fd6
                                      • Instruction ID: 3596b56796ec0d557ce1fea71848b76dbb12a13ad597c3bb5d85568b59e958f1
                                      • Opcode Fuzzy Hash: 712fe054f183efdda89baf95c5ecce376c4ed2bd5f09da437a235e475a312fd6
                                      • Instruction Fuzzy Hash: F331CA72A0020AABDB25DF75EC45EAE7BA5EF00754F051268FC15E7290EB35CE54CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E4286A
                                        • Part of subcall function 00DF0617: __EH_prolog3.LIBCMT ref: 00DF061E
                                        • Part of subcall function 00DF0617: GetLastError.KERNEL32(00000004,00DF0837,?,00000000,00000004,00DFB8B4,?,00000001,0000006C,00DFC2A9,?,?,.ini,Hg,%ld,?), ref: 00DF0640
                                        • Part of subcall function 00DF0617: SetLastError.KERNEL32(?,?), ref: 00DF0678
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3H_prolog3_
                                      • String ID: 4q$Hg$Pg$Pg
                                      • API String ID: 852442433-2279145100
                                      • Opcode ID: c51ac5b4c1ac61398ce9fd42942dc5e3f7877570784ef58768faa22f37f0c6f6
                                      • Instruction ID: 58738a224adbea6bec7e61aeb38cfdddfb5544e06c5acafa5576ef19d7b5ab8f
                                      • Opcode Fuzzy Hash: c51ac5b4c1ac61398ce9fd42942dc5e3f7877570784ef58768faa22f37f0c6f6
                                      • Instruction Fuzzy Hash: 3E418271900248EFCB14EFA5C885BDEBBB8EF55304F504099F549A7242DB705A49CBB1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32(7B1078F4,?,00000000), ref: 00DE7834
                                      • SysAllocStringLen.OLEAUT32(00000000,?), ref: 00DE78C0
                                      • SetLastError.KERNEL32(00000000,?,?,00000000), ref: 00DE7906
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Similarity
                                      • API ID: ErrorLast$AllocString
                                      • String ID: Pg$Pg
                                      • API String ID: 3899575968-4246043162
                                      • Opcode ID: 00e81352f8b11624aeade2055bafb21c32179a4ef826242a6486c94ca423d42f
                                      • Instruction ID: 305147b56e31f6bf9c963cde3c97f4eece77b324168c5039d0b4bbd46ec71b4b
                                      • Opcode Fuzzy Hash: 00e81352f8b11624aeade2055bafb21c32179a4ef826242a6486c94ca423d42f
                                      • Instruction Fuzzy Hash: AB31C1B1904605EFD700DF69D848B5ABBF4FB48318F20426AE819A7791D770E914CBE0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E095E3
                                      • CreateDialogIndirectParamW.USER32(?,00000000,?,?,?), ref: 00E096EF
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: CreateDialogH_prolog3_IndirectParam
                                      • String ID: Hg$Pg$Tahoma
                                      • API String ID: 2249790658-1321535619
                                      • Opcode ID: 3dde2de0455869e2d4afafbf64a63b99e03f316ebc5fc0dd3964b3fcb0f01fc4
                                      • Instruction ID: 2ad566c6ef3830b0a221226c44a72d7dc6cad53e41679565c00f8c186996c58e
                                      • Opcode Fuzzy Hash: 3dde2de0455869e2d4afafbf64a63b99e03f316ebc5fc0dd3964b3fcb0f01fc4
                                      • Instruction Fuzzy Hash: A6415770800219EBDF10EFA0C895AEDBBB4FF14314F218099E941B3282DB70AA54CFB0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00DFC494
                                      • DialogBoxIndirectParamW.USER32(?,00000000,00DFBAE0,?,?), ref: 00DFC59B
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: DialogH_prolog3_IndirectParam
                                      • String ID: Hg$Pg$Tahoma
                                      • API String ID: 1500191164-1321535619
                                      • Opcode ID: 9ef47f190b78d7e91119cc17367cb4cb2efaa696813ffebdb8b3e90af7d453c9
                                      • Instruction ID: bb4725349b2aa291ce9fcd2049e2cfff7636a9bae812d1b04236283ee0a39829
                                      • Opcode Fuzzy Hash: 9ef47f190b78d7e91119cc17367cb4cb2efaa696813ffebdb8b3e90af7d453c9
                                      • Instruction Fuzzy Hash: C5317E3180021DEBDF14EFA0C995AEDBBB4FF14314F218049E945A3252DB70AA55CFB0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E2C335
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                      • SetWindowTextW.USER32(?,?), ref: 00E2C409
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3_TextWindow
                                      • String ID: %s,%s,%s,%s,%s,%s$Hg$Pg
                                      • API String ID: 1521029078-2737977864
                                      • Opcode ID: 72ee15f3c0c6d9369caf9e6285ccd3f2278b7142d06cf8062532cca5b08b07bf
                                      • Instruction ID: 4a4a8bb6a354043975b5ea3a3f062268191b084736a2896914682428711c0057
                                      • Opcode Fuzzy Hash: 72ee15f3c0c6d9369caf9e6285ccd3f2278b7142d06cf8062532cca5b08b07bf
                                      • Instruction Fuzzy Hash: 24318A71A00219DFDF14DF94E885A8EBBB9FF44308F20456AE506BB201D730F956CBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E20090
                                        • Part of subcall function 00DF099E: __EH_prolog3.LIBCMT ref: 00DF09A5
                                        • Part of subcall function 00E3C4A5: __EH_prolog3_GS.LIBCMT ref: 00E3C4AF
                                        • Part of subcall function 00DE77F0: GetLastError.KERNEL32(7B1078F4,?,00000000), ref: 00DE7834
                                        • Part of subcall function 00DE77F0: SetLastError.KERNEL32(00000000,?,?,00000000), ref: 00DE7906
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                        • Part of subcall function 00DF9714: __EH_prolog3.LIBCMT ref: 00DF971B
                                        • Part of subcall function 00E3C4A5: GetLastError.KERNEL32 ref: 00E3C620
                                        • Part of subcall function 00E3C4A5: __EH_prolog3_catch_GS.LIBCMT ref: 00E3C69A
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$FreeH_prolog3H_prolog3_String$H_prolog3_catch_
                                      • String ID: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}$Hg$Hg$Pg
                                      • API String ID: 3232134966-3884593489
                                      • Opcode ID: e9cae18036be788479d9c284ff36e644eed17ee9b50a3f5ef39583fd76c87093
                                      • Instruction ID: 41076134e7c90bf6fb27eddcd93f6b20c13190c68794a5df4ca9617b53b38725
                                      • Opcode Fuzzy Hash: e9cae18036be788479d9c284ff36e644eed17ee9b50a3f5ef39583fd76c87093
                                      • Instruction Fuzzy Hash: 4B31DF70E02398EBEB10EBA48D467EEBB74AF51304F641199E515772C2DB704F09CBA2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E3CD77
                                        • Part of subcall function 00DF44FB: __EH_prolog3_GS.LIBCMT ref: 00DF4502
                                        • Part of subcall function 00E1C849: __EH_prolog3_GS.LIBCMT ref: 00E1C850
                                        • Part of subcall function 00DF0617: __EH_prolog3.LIBCMT ref: 00DF061E
                                        • Part of subcall function 00DF0617: GetLastError.KERNEL32(00000004,00DF0837,?,00000000,00000004,00DFB8B4,?,00000001,0000006C,00DFC2A9,?,?,.ini,Hg,%ld,?), ref: 00DF0640
                                        • Part of subcall function 00DF0617: SetLastError.KERNEL32(?,?), ref: 00DF0678
                                        • Part of subcall function 00E3F34E: __EH_prolog3_GS.LIBCMT ref: 00E3F355
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: H_prolog3_$ErrorLast$H_prolog3
                                      • String ID: .EXE$Hg$Pg$SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
                                      • API String ID: 3033373895-348342690
                                      • Opcode ID: f6a4069b7ee2333ab97cd5952489ccdb592bec5345bab0a1c60a0a8ef3f4f999
                                      • Instruction ID: cab898a7698cab4271514ac6d61cee949f08e56bc02fff230a29beae228c6c92
                                      • Opcode Fuzzy Hash: f6a4069b7ee2333ab97cd5952489ccdb592bec5345bab0a1c60a0a8ef3f4f999
                                      • Instruction Fuzzy Hash: 8621B2B0C01208ABCB14EFA4C84B6DEBFA8EF55304F504059F848A7242D6719A0ACBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E42AF7
                                        • Part of subcall function 00DF0617: __EH_prolog3.LIBCMT ref: 00DF061E
                                        • Part of subcall function 00DF0617: GetLastError.KERNEL32(00000004,00DF0837,?,00000000,00000004,00DFB8B4,?,00000001,0000006C,00DFC2A9,?,?,.ini,Hg,%ld,?), ref: 00DF0640
                                        • Part of subcall function 00DF0617: SetLastError.KERNEL32(?,?), ref: 00DF0678
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$FreeString$H_prolog3H_prolog3_
                                      • String ID: Hg$Hg$Pg$Pg
                                      • API String ID: 2488494826-1516674844
                                      • Opcode ID: 2e04e9acf6028442242adede78a68dc84364aea623e8149b60ad9d380a1b49d4
                                      • Instruction ID: e846465c182a9350980a2bf8074b89bcf975b2cb068739f7d208c1a825de7ae3
                                      • Opcode Fuzzy Hash: 2e04e9acf6028442242adede78a68dc84364aea623e8149b60ad9d380a1b49d4
                                      • Instruction Fuzzy Hash: 30314F71901258DBCF14EF94C986BECBBB8EF94308F11404AE905B7282DBB06E45C7B1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E156C2
                                        • Part of subcall function 00DE4C40: RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?), ref: 00DE4C6B
                                        • Part of subcall function 00E1F473: __EH_prolog3.LIBCMT ref: 00E1F47A
                                      • lstrcpyW.KERNEL32(?,-00000004), ref: 00E15743
                                      • lstrcatW.KERNEL32(?," /%), ref: 00E15764
                                      • lstrcatW.KERNEL32(?,00000000), ref: 00E15786
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: lstrcat$H_prolog3H_prolog3_QueryValuelstrcpy
                                      • String ID: " /%
                                      • API String ID: 1917723134-1244271203
                                      • Opcode ID: 472a7bc46a5ac1ced8a700e81f1009971a429473c1e6d8dde2ada758252d8bca
                                      • Instruction ID: a2473a0a7b3db7cdb8a1dced3da4392ddcb900a94e78cd01f8ca21abdaa68cde
                                      • Opcode Fuzzy Hash: 472a7bc46a5ac1ced8a700e81f1009971a429473c1e6d8dde2ada758252d8bca
                                      • Instruction Fuzzy Hash: 3E216272A00218DADB14AB61DC4AFEE73F8BB44304F0455AAF549F7191EF709A84CB64
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: H_prolog3_
                                      • String ID: C:\CodeBases\isdev\Src\Runtime\MSI\Shared\Setup\utils.cpp$Hg$Pg$xn
                                      • API String ID: 2427045233-170060860
                                      • Opcode ID: b4901878e60903fad316afc6c8a9d52a08452f27c837407aff1e6131a4c3f18c
                                      • Instruction ID: 1cc5521922e0ada7b2cf70390711fca05f1ef4f82529a24c8ce6c710ae71c6cd
                                      • Opcode Fuzzy Hash: b4901878e60903fad316afc6c8a9d52a08452f27c837407aff1e6131a4c3f18c
                                      • Instruction Fuzzy Hash: 6C218F70901258EEDF10EBA4CC45BEEBBB4FB11304F10819AE185B7191DB705B08CBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E2B5A1
                                      • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 00E2B5D9
                                      • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000001,?), ref: 00E2B5F3
                                        • Part of subcall function 00E2BD2A: __EH_prolog3.LIBCMT ref: 00E2BD31
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: FolderPath$H_prolog3H_prolog3_
                                      • String ID: @o$Ho
                                      • API String ID: 2054900352-3574598281
                                      • Opcode ID: 43250a3309342a22c5a0f22f06367a2f337057ea3f29e18a290778a8539a0623
                                      • Instruction ID: 08183fe54ce1eb90ca565fdfc32e163637f9550a89f692dd0492b6580a9d3020
                                      • Opcode Fuzzy Hash: 43250a3309342a22c5a0f22f06367a2f337057ea3f29e18a290778a8539a0623
                                      • Instruction Fuzzy Hash: 012147B1A0026CAECB20AF51DC89EEEBBBCEF94704F0042D9B50DB6151DB705A85CF60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E22577
                                        • Part of subcall function 00DF070A: __EH_prolog3.LIBCMT ref: 00DF0711
                                        • Part of subcall function 00DF070A: GetLastError.KERNEL32(00000004,00DE4709,00E965D4,?,00000000), ref: 00DF0733
                                        • Part of subcall function 00DF070A: SetLastError.KERNEL32(?,?,?), ref: 00DF0774
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$FreeString$H_prolog3H_prolog3_
                                      • String ID: Hg$Hg$ISSCHEDULEREBOOT=1$Pg
                                      • API String ID: 2488494826-1355606574
                                      • Opcode ID: 5e19880790f2696eca47c274d1c6b6d378d660cd66ff054e2ef75fcff76eeedc
                                      • Instruction ID: bc49cf82f66dd367ef9694c381ab653ceb83d714e4e4918bc748182374ecce3a
                                      • Opcode Fuzzy Hash: 5e19880790f2696eca47c274d1c6b6d378d660cd66ff054e2ef75fcff76eeedc
                                      • Instruction Fuzzy Hash: AC112B71904218AADB14EBA0CC96BDCBBB4BB14704F64521EE20477282DBB06A0ACB65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E3D635
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                      • UuidToStringW.RPCRT4(?,?), ref: 00E3D67A
                                      • _wcslen.LIBCMT ref: 00E3D695
                                        • Part of subcall function 00E3FC7D: __EH_prolog3.LIBCMT ref: 00E3FC84
                                        • Part of subcall function 00E3FC7D: CharUpperW.USER32(00000000,?,?,00000010,00E3D6AC,00E965D4,00000000), ref: 00E3FCA7
                                      • RpcStringFreeW.RPCRT4(00000000), ref: 00E3D6B0
                                      Strings
                                      Similarity
                                      • API ID: ErrorLastString$CharFreeH_prolog3H_prolog3_UpperUuid_wcslen
                                      • String ID: Pg
                                      • API String ID: 1102082097-754130359
                                      • Opcode ID: d15929dd7182eca12e4081f952218fc29ef15afafce2e2fead940134b862b068
                                      • Instruction ID: 4eae23ec11ef3aaca1b3ad34d2ceb8915be5d20dc5847140f5500ff483593a63
                                      • Opcode Fuzzy Hash: d15929dd7182eca12e4081f952218fc29ef15afafce2e2fead940134b862b068
                                      • Instruction Fuzzy Hash: 0C011E719006189BCF00EFA5C8899CEBBF9EF49354F405426F805BB201CB749949CBB0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • FormatMessageW.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000,00000004,00000000), ref: 00E38BDE
                                      • wsprintfW.USER32 ref: 00E38C0D
                                        • Part of subcall function 00E3721A: __EH_prolog3_GS.LIBCMT ref: 00E37224
                                      • LocalFree.KERNEL32(?), ref: 00E38C28
                                      Strings
                                      Similarity
                                      • API ID: FormatFreeH_prolog3_LocalMessagewsprintf
                                      • String ID: %s %s$xn
                                      • API String ID: 3026954014-2508197376
                                      • Opcode ID: c4cfb3fe9f43635c9f83910803c7572da8c048c5133f59212285c7fcb1c91fa1
                                      • Instruction ID: 1cd726b3f1225d0b5b2b0c04c9c91dcedc3d90e85171e3be492aeebc9aae3cd9
                                      • Opcode Fuzzy Hash: c4cfb3fe9f43635c9f83910803c7572da8c048c5133f59212285c7fcb1c91fa1
                                      • Instruction Fuzzy Hash: EF011E75900118BADF609FA28D49E9B7BFCFB89705F005495B589F20A1DE309A8DCBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,?,?,00E1B4B9,?,?,?,?,?), ref: 00E1ADD8
                                      • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00E1ADE8
                                        • Part of subcall function 00E1B4EC: GetModuleHandleW.KERNEL32(Advapi32.dll,?,00000000,?,?,00E1ADC7,?,?,?,?,00E1B4B9,?,?,?,?,?), ref: 00E1B4FF
                                        • Part of subcall function 00E1B4EC: GetProcAddress.KERNEL32(00000000,RegDeleteKeyTransactedW), ref: 00E1B50F
                                      Strings
                                      Similarity
                                      • API ID: AddressHandleModuleProc
                                      • String ID: Advapi32.dll$RegDeleteKeyExW
                                      • API String ID: 1646373207-2191092095
                                      • Opcode ID: d9817bc50b35b0cecfe22ade680289a625d6053ba4ae9027e06e9803beeafd01
                                      • Instruction ID: 3a9a8378119a249d560c7af410404593d3d2f797d498140a8b2dc9434f3959db
                                      • Opcode Fuzzy Hash: d9817bc50b35b0cecfe22ade680289a625d6053ba4ae9027e06e9803beeafd01
                                      • Instruction Fuzzy Hash: 2401B13A246651EFCB224B12EC04BEA7F65EB48715B185035F909B6230CB7198D49B81
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                        • Part of subcall function 00E3FEC2: GetModuleHandleW.KERNEL32(kernel32,GetNativeSystemInfo,?,00E3E5D0,?), ref: 00E3FECF
                                        • Part of subcall function 00E3FEC2: GetProcAddress.KERNEL32(00000000), ref: 00E3FED6
                                        • Part of subcall function 00E3FEC2: GetSystemInfo.KERNEL32(00E3E5D0,?,00E3E5D0,?), ref: 00E3FEE3
                                      • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process2), ref: 00E3E579
                                      • GetProcAddress.KERNEL32(00000000), ref: 00E3E580
                                      • GetCurrentProcess.KERNEL32(?,?), ref: 00E3E594
                                      Strings
                                      Similarity
                                      • API ID: AddressHandleModuleProc$CurrentInfoProcessSystem
                                      • String ID: IsWow64Process2$kernel32
                                      • API String ID: 2015839007-1416006014
                                      • Opcode ID: 99c86986242216ff7eb56c862e0aa024e4d5e7b5b610c14d0019ac05f160859a
                                      • Instruction ID: a5bdd95e4b890608aa81dcaaa05500274bafba559245fea17aaac098fbc044b8
                                      • Opcode Fuzzy Hash: 99c86986242216ff7eb56c862e0aa024e4d5e7b5b610c14d0019ac05f160859a
                                      • Instruction Fuzzy Hash: 62F04976C02609FBDF20ABF5880D9DE7A7CAE04318B446456E401B32C0EA74DA44CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00E5E750,?,?,00E5E6F0,?,00EB42D0,0000000C,00E5E847,?,00000002), ref: 00E5E7BF
                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00E5E7D2
                                      • FreeLibrary.KERNEL32(00000000,?,?,?,00E5E750,?,?,00E5E6F0,?,00EB42D0,0000000C,00E5E847,?,00000002,00000000), ref: 00E5E7F5
                                      Strings
                                      Similarity
                                      • API ID: AddressFreeHandleLibraryModuleProc
                                      • String ID: CorExitProcess$mscoree.dll
                                      • API String ID: 4061214504-1276376045
                                      • Opcode ID: 6fb00df6b8b9f18caea72c952da0f5d62f5b0e4bfe3fe37612362f4d816c9628
                                      • Instruction ID: 0dc72b3ca1e2ae00beb23ed133febc65dccc644da05325da4343d64551a90064
                                      • Opcode Fuzzy Hash: 6fb00df6b8b9f18caea72c952da0f5d62f5b0e4bfe3fe37612362f4d816c9628
                                      • Instruction Fuzzy Hash: E7F03C31A01618BFCB159FA1DC49BAEBFB9EB08716F404069F909B2261DF744A48DB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E0A82B
                                      • _wcslen.LIBCMT ref: 00E0A86F
                                      • SetLastError.KERNEL32(00000000,00000000,00000000,?,?,?,?,00000000,?,?,00000001), ref: 00E0A88C
                                      Strings
                                      Similarity
                                      • API ID: ErrorH_prolog3_Last_wcslen
                                      • String ID: Pg$Pg
                                      • API String ID: 3613133196-4246043162
                                      • Opcode ID: b26af45a6cef02b64f7c4fab490e7a70901ed3481543de40664f572d65402a62
                                      • Instruction ID: 19771d6cbd6936c68190993399a9786a87e6fe71e9a935b9b122ef199da4f277
                                      • Opcode Fuzzy Hash: b26af45a6cef02b64f7c4fab490e7a70901ed3481543de40664f572d65402a62
                                      • Instruction Fuzzy Hash: 8C018F71800608EFDB11EF90C88ABCDBBB9EF08714F505519F145BB181CB71D605CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                        • Part of subcall function 00E3FEC2: GetModuleHandleW.KERNEL32(kernel32,GetNativeSystemInfo,?,00E3E5D0,?), ref: 00E3FECF
                                        • Part of subcall function 00E3FEC2: GetProcAddress.KERNEL32(00000000), ref: 00E3FED6
                                        • Part of subcall function 00E3FEC2: GetSystemInfo.KERNEL32(00E3E5D0,?,00E3E5D0,?), ref: 00E3FEE3
                                      • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process2), ref: 00E3E518
                                      • GetProcAddress.KERNEL32(00000000), ref: 00E3E51F
                                      • GetCurrentProcess.KERNEL32(?,?), ref: 00E3E533
                                      Strings
                                      Similarity
                                      • API ID: AddressHandleModuleProc$CurrentInfoProcessSystem
                                      • String ID: IsWow64Process2$kernel32
                                      • API String ID: 2015839007-1416006014
                                      • Opcode ID: be22291b5324e33908504295200d173c7e21288cbd48f9b160a149df5c35c26b
                                      • Instruction ID: 9704ab1bfce4211364420ea72c01946de31284370d454010f9b1ea2ba6aac00d
                                      • Opcode Fuzzy Hash: be22291b5324e33908504295200d173c7e21288cbd48f9b160a149df5c35c26b
                                      • Instruction Fuzzy Hash: 76F09076D02704FBCF10ABBA880D8CE7B7CAE04318B445411E506B72C0EA64D944CBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DF078F
                                      • GetLastError.KERNEL32(00000004,00DF0A27,00000000,000000FF,00000000,00000000,00000004,00DF3EA9,000000FF,00000000,?,00000001,00000048,00DF3D63,?,000000FF), ref: 00DF07B1
                                      • SetLastError.KERNEL32(00000000,00000000,000000FF,00000000), ref: 00DF07F5
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Pg$Pg
                                      • API String ID: 3502553090-4246043162
                                      • Opcode ID: a1495d22583912b1f115f5c7d89ac1f83f6bfdc1cba5b7aeab5b3f35bc424475
                                      • Instruction ID: 5f936bf04b5874aaeafcfa8866d2802981840d85ca046885e13af4ccac6d63d7
                                      • Opcode Fuzzy Hash: a1495d22583912b1f115f5c7d89ac1f83f6bfdc1cba5b7aeab5b3f35bc424475
                                      • Instruction Fuzzy Hash: 5701887190060AEFCB01DF58C809658BFF1FF48314F11825AF598AB692C7B0EA10DF80
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • RegOpenKeyExW.ADVAPI32(80000001,Software\InstallShield\ISWI\7.0\SetupExeLog,00000000,00000001,?), ref: 00E0670C
                                      • RegQueryValueExW.ADVAPI32(?,SetupLogFileName,00000000,00000000,00EBAED8,?), ref: 00E06732
                                      • RegCloseKey.ADVAPI32(?), ref: 00E0674D
                                      Strings
                                      • SetupLogFileName, xrefs: 00E0672A
                                      • Software\InstallShield\ISWI\7.0\SetupExeLog, xrefs: 00E06702
                                      Similarity
                                      • API ID: CloseOpenQueryValue
                                      • String ID: SetupLogFileName$Software\InstallShield\ISWI\7.0\SetupExeLog
                                      • API String ID: 3677997916-622478307
                                      • Opcode ID: 0b4cdb29abee71aba4a0761e6b19c7c1d531772b55f824f322bde496ada9c15a
                                      • Instruction ID: 49de9264c89d5d66d7405051349e2c25215e822c8967763ed84ed400b5239e09
                                      • Opcode Fuzzy Hash: 0b4cdb29abee71aba4a0761e6b19c7c1d531772b55f824f322bde496ada9c15a
                                      • Instruction Fuzzy Hash: 03F0E971640344BFEB115B12DC0AFBF7EFCDB80B05F540199B849B1090D7B09948D760
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DFA6DB
                                      • GetLastError.KERNEL32(00000004,00DFABA2,00000000,00000004,00DFA7A7,00000001,00000004,80070057), ref: 00DFA703
                                      • SetLastError.KERNEL32(?), ref: 00DFA72C
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: `y$hy
                                      • API String ID: 3502553090-3448722358
                                      • Opcode ID: 5d3641b960d00f116eae6399a4019b915fe7dd60a04bac2d5ffee6b8b3f3dbc6
                                      • Instruction ID: ef99dfef4864d01afd9a978c365e57f43f67d3571dc8ba48954fc77239458a23
                                      • Opcode Fuzzy Hash: 5d3641b960d00f116eae6399a4019b915fe7dd60a04bac2d5ffee6b8b3f3dbc6
                                      • Instruction Fuzzy Hash: 5B01B871404A06EFC701DF58C449B68FBB0BF40318F258288E4886B392C7B4EA44CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • SleepConditionVariableCS.KERNELBASE(?,00E39FAF,00000064), ref: 00E3A035
                                      • LeaveCriticalSection.KERNEL32(00EBEB74,?,?,00E39FAF,00000064), ref: 00E3A03F
                                      • WaitForSingleObjectEx.KERNEL32(?,00000000,?,00E39FAF,00000064), ref: 00E3A050
                                      • EnterCriticalSection.KERNEL32(00EBEB74,?,00E39FAF,00000064), ref: 00E3A057
                                      Strings
                                      Similarity
                                      • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                      • String ID: t
                                      • API String ID: 3269011525-1810194760
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Similarity
                                      • API ID: AdjustPointer$_abort
                                      • String ID:
                                      • API String ID: 2252061734-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_catch_GS.LIBCMT ref: 00DFCACB
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                      • _wcslen.LIBCMT ref: 00DFCB02
                                      • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000080,00000000,00E965D4,00000000,?,00000001,0000005C,00DFC9D2,?,?,00000000), ref: 00DFCB2D
                                      • GetFileSize.KERNEL32(00000000,00000000), ref: 00DFCB60
                                      • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00DFCB8E
                                        • Part of subcall function 00DE6070: CloseHandle.KERNEL32(00000000,00000000,00E3F2AD), ref: 00DE6083
                                      Similarity
                                      • API ID: File$ErrorLast$CloseCreateH_prolog3_catch_HandleReadSize_wcslen
                                      • String ID:
                                      • API String ID: 3739562551-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • CharNextW.USER32(00000000,?,00000000,00000000,?,?,00000001), ref: 00E1B08D
                                        • Part of subcall function 00E1AE38: CharNextW.USER32(?,?,00E1B281,?,00000000,00000001,00000000,00000064,00E1B57F,?,00000000,00000000,00000000), ref: 00E1AE44
                                      • CharNextW.USER32(00000000,?,00000000,00000000,?,?,00000001), ref: 00E1B0B2
                                      • CharNextW.USER32(00000000,?,00000000,00000000,?,?,00000001), ref: 00E1B0C0
                                      • CharNextW.USER32(?,?,00000000,00000000,?,?,00000001), ref: 00E1B122
                                      • CharNextW.USER32(00000000,00000000,?,00000000,00000000,?,?,00000001), ref: 00E1B139
                                      Similarity
                                      • API ID: CharNext
                                      • String ID:
                                      • API String ID: 3213498283-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • SysFreeString.OLEAUT32(?), ref: 00DE70C6
                                      • GetLastError.KERNEL32(?,00000001,?,00000000), ref: 00DE7144
                                      • SysFreeString.OLEAUT32(?), ref: 00DE715C
                                      • SysFreeString.OLEAUT32(?), ref: 00DE716D
                                      • SetLastError.KERNEL32(?), ref: 00DE7195
                                      Similarity
                                      • API ID: FreeString$ErrorLast
                                      • String ID:
                                      • API String ID: 2541235897-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E00329
                                        • Part of subcall function 00E00446: __EH_prolog3_GS.LIBCMT ref: 00E0044D
                                        • Part of subcall function 00E00446: FindWindowExW.USER32(000000FD,00000000,IsPrqHook,-00000004), ref: 00E0049B
                                      • SendMessageW.USER32(00000000,00000111,00000000,00000000), ref: 00E00367
                                      • SendMessageW.USER32(00000000,0000000C,00000000,?), ref: 00E00374
                                        • Part of subcall function 00DFF67F: __EH_prolog3_GS.LIBCMT ref: 00DFF686
                                        • Part of subcall function 00DFF67F: _wcslen.LIBCMT ref: 00DFF6C9
                                        • Part of subcall function 00DFF67F: SetLastError.KERNEL32(00000000,?,00000000), ref: 00DFF6E6
                                      • SendMessageW.USER32(00000000,0000000C,00000000,-00000004), ref: 00E0039A
                                      • SendMessageW.USER32(00000000,00000111,00000001,00000000), ref: 00E003B5
                                      Similarity
                                      • API ID: MessageSend$H_prolog3_$ErrorFindLastWindow_wcslen
                                      • String ID:
                                      • API String ID: 2230841411-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • lstrlenW.KERNEL32(?), ref: 00E226D4
                                      • lstrcpyW.KERNEL32(?,?), ref: 00E226E6
                                      • GetModuleFileNameW.KERNEL32(?,?,00000400), ref: 00E22700
                                      • lstrlenW.KERNEL32(?), ref: 00E2270D
                                      • lstrcpyW.KERNEL32(00000000,?), ref: 00E22738
                                      Similarity
                                      • API ID: lstrcpylstrlen$FileModuleName
                                      • String ID:
                                      • API String ID: 271103609-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32(00E396AE,00E396AE,00DE8AAB,00E56D9E,00E5FBC2,00DE8AA9,?,00E51FA0,00DE8AAB,00DE8AA9,00DE8AA9,00000000,?,00E395A5,00E396AE,00DE8AAD), ref: 00E604FE
                                      • _free.LIBCMT ref: 00E60533
                                      • _free.LIBCMT ref: 00E6055A
                                      • SetLastError.KERNEL32(00000000,?,00E396AE), ref: 00E60567
                                      • SetLastError.KERNEL32(00000000,?,00E396AE), ref: 00E60570
                                      Similarity
                                      • API ID: ErrorLast$_free
                                      • String ID:
                                      • API String ID: 3170660625-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetFileSize.KERNEL32(00DF65EC,00000000,00000000,00000000,?,?,00DEF25B,00000000,00000000,?,00000000,?,00E35AFF,-00000004,00000000,Hg), ref: 00DEF1D4
                                      • CreateFileMappingW.KERNEL32(00DF65EC,00000000,00000004,00000000,00000000,00000000,?,?,00DEF25B,00000000,00000000,?,00000000,?,00E35AFF,-00000004), ref: 00DEF1E6
                                      • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,00000000,?,?,00DEF25B,00000000,00000000,?,00000000,?,00E35AFF,-00000004), ref: 00DEF1F9
                                      • UnmapViewOfFile.KERNEL32(00000000,00000000,00DF65EC), ref: 00DEF217
                                      • CloseHandle.KERNEL32(00000000,?,?,00DEF25B,00000000,00000000,?,00000000,?,00E35AFF,-00000004,00000000,Hg), ref: 00DEF21E
                                      Similarity
                                      • API ID: File$View$CloseCreateHandleMappingSizeUnmap
                                      • String ID:
                                      • API String ID: 1558290345-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00E388C9
                                        • Part of subcall function 00DF099E: __EH_prolog3.LIBCMT ref: 00DF09A5
                                        • Part of subcall function 00E3C4A5: __EH_prolog3_GS.LIBCMT ref: 00E3C4AF
                                      • SetErrorMode.KERNEL32(00008001,0000000A), ref: 00E38913
                                      • SetFileAttributesW.KERNEL32(0000000A,00000080), ref: 00E38921
                                      • DeleteFileW.KERNEL32(0000000A), ref: 00E3892A
                                      • SetErrorMode.KERNEL32(00000000), ref: 00E38937
                                      Similarity
                                      • API ID: ErrorFileH_prolog3Mode$AttributesDeleteH_prolog3_
                                      • String ID:
                                      • API String ID: 2831870221-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • _free.LIBCMT ref: 00E63387
                                        • Part of subcall function 00E5FB45: HeapFree.KERNEL32(00000000,00000000,?,00E63406,?,00000000,?,00000000,?,00E6342D,?,00000007,?,?,00E6388F,?), ref: 00E5FB5B
                                        • Part of subcall function 00E5FB45: GetLastError.KERNEL32(?,?,00E63406,?,00000000,?,00000000,?,00E6342D,?,00000007,?,?,00E6388F,?,?), ref: 00E5FB6D
                                      • _free.LIBCMT ref: 00E63399
                                      • _free.LIBCMT ref: 00E633AB
                                      • _free.LIBCMT ref: 00E633BD
                                      • _free.LIBCMT ref: 00E633CF
                                      Similarity
                                      • API ID: _free$ErrorFreeHeapLast
                                      • String ID:
                                      • API String ID: 776569668-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetDC.USER32(?), ref: 00E1948D
                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00E1949A
                                      • MulDiv.KERNEL32(?,00000000), ref: 00E194A4
                                      • ReleaseDC.USER32(?,00000000), ref: 00E194B2
                                      • CreateFontW.GDI32(00000000,00000000,00000000,00000000,?,00000000,?,00000000,?,00000000,00000000,00000000,00000000,?), ref: 00E194D0
                                      Similarity
                                      • API ID: CapsCreateDeviceFontRelease
                                      • String ID:
                                      • API String ID: 2367478762-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • _free.LIBCMT ref: 00E5F27E
                                        • Part of subcall function 00E5FB45: HeapFree.KERNEL32(00000000,00000000,?,00E63406,?,00000000,?,00000000,?,00E6342D,?,00000007,?,?,00E6388F,?), ref: 00E5FB5B
                                        • Part of subcall function 00E5FB45: GetLastError.KERNEL32(?,?,00E63406,?,00000000,?,00000000,?,00E6342D,?,00000007,?,?,00E6388F,?,?), ref: 00E5FB6D
                                      • _free.LIBCMT ref: 00E5F290
                                      • _free.LIBCMT ref: 00E5F2A3
                                      • _free.LIBCMT ref: 00E5F2B4
                                      • _free.LIBCMT ref: 00E5F2C5
                                      Similarity
                                      • API ID: _free$ErrorFreeHeapLast
                                      • String ID:
                                      • API String ID: 776569668-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Strings
                                      Similarity
                                      • API ID: H_prolog3_
                                      • String ID: Hg$Pg$ProductName
                                      • API String ID: 2427045233-2214273263
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00DF634A
                                        • Part of subcall function 00E190EB: __EH_prolog3.LIBCMT ref: 00E190F2
                                        • Part of subcall function 00E191A0: GetVersionExW.KERNEL32(00000114,?,?), ref: 00E191DD
                                        • Part of subcall function 00E191A0: GetSystemInfo.KERNEL32(?,?,?), ref: 00E19231
                                        • Part of subcall function 00DF946E: GetTempPathW.KERNEL32(?,?,?,00000000,00000000,?,00DF63CE,?,00000400,00000000,00000001,0000044F,00000000,000008AC,00E0641D,00000452), ref: 00DF948E
                                        • Part of subcall function 00DF946E: SetErrorMode.KERNEL32(00008003,?,00000000,00000000,?,00DF63CE,?,00000400,00000000,00000001,0000044F,00000000,000008AC,00E0641D,00000452,?), ref: 00DF949D
                                        • Part of subcall function 00DF946E: GetWindowsDirectoryW.KERNEL32(?,?,?,00000000,00000000,?,00DF63CE,?,00000400,00000000,00000001,0000044F,00000000,000008AC,00E0641D,00000452), ref: 00DF94B4
                                        • Part of subcall function 00DF946E: lstrcpyW.KERNEL32(?,00E965D4), ref: 00DF94D1
                                      Strings
                                      Similarity
                                      • API ID: DirectoryErrorH_prolog3H_prolog3_InfoModePathSystemTempVersionWindowslstrcpy
                                      • String ID: Hg$Hg$Pg
                                      • API String ID: 2667293368-3920519673
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Strings
                                      Similarity
                                      • API ID:
                                      • String ID: `E
                                      • API String ID: 0-2280243844
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Strings
                                      Similarity
                                      • API ID: H_prolog3__wcslen
                                      • String ID: Hg$Pg
                                      • API String ID: 3251556500-3911212948
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                        • Part of subcall function 00E1F473: __EH_prolog3.LIBCMT ref: 00E1F47A
                                      • lstrcpyW.KERNEL32(?,-00000004), ref: 00E0C4D6
                                      • wsprintfW.USER32 ref: 00E0C543
                                      Strings
                                      Similarity
                                      • API ID: H_prolog3lstrcpywsprintf
                                      • String ID: %s /g %s /g %s$%s /g %s /g %s /s
                                      • API String ID: 403492235-3131057161
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                      • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?), ref: 00E00556
                                      • ReadFile.KERNEL32(00000000,?,00001000,?,00000000), ref: 00E00592
                                      • CloseHandle.KERNEL32(00000001), ref: 00E00642
                                      Strings
                                      • %02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X, xrefs: 00E00621
                                      Similarity
                                      • API ID: ErrorFileLast$CloseCreateHandleRead
                                      • String ID: %02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X
                                      • API String ID: 3160720760-2582415446
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe,00000104), ref: 00E5E8D5
                                      • _free.LIBCMT ref: 00E5E9A0
                                      • _free.LIBCMT ref: 00E5E9AA
                                      Strings
                                      Similarity
                                      • API ID: _free$FileModuleName
                                      • String ID: C:\Users\user\Desktop\AGLCStructuredSettlementsInstaller.exe
                                      • API String ID: 2506810119-3318841292
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Strings
                                      Similarity
                                      • API ID: EncodePointer_abort
                                      • String ID: MOC$RCC
                                      • API String ID: 948111806-2084237596
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E22C1B
                                        • Part of subcall function 00E1FE71: __EH_prolog3_GS.LIBCMT ref: 00E1FE7B
                                        • Part of subcall function 00E1FE71: wsprintfW.USER32 ref: 00E1FECF
                                        • Part of subcall function 00E1FE71: CharNextW.USER32(?), ref: 00E1FEDC
                                        • Part of subcall function 00E1FE71: CharNextW.USER32(00000000), ref: 00E1FEE3
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$CharFreeH_prolog3_NextString$wsprintf
                                      • String ID: Hg$Pg$Setup.bmp
                                      • API String ID: 1749236127-1308562438
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Strings
                                      • Pg, xrefs: 00E116AE
                                      • Hg, xrefs: 00E116AB
                                      • C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}, xrefs: 00E116A6
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: H_prolog3_
                                      • String ID: C:\Users\user\AppData\Local\Temp\{978B1B8A-E3CA-4B77-9A20-8153B898500E}$Hg$Pg
                                      • API String ID: 2427045233-1334582274
                                      • Opcode ID: d017309152f7468cf5d8b3f340d7cfb6dc3025bcf39949eaa09bb8ec6d5ae46e
                                      • Instruction ID: 51a41db4c91583515f6813a27f5ee30d1392aabf9a01ebf782d79f26d7505aae
                                      • Opcode Fuzzy Hash: d017309152f7468cf5d8b3f340d7cfb6dc3025bcf39949eaa09bb8ec6d5ae46e
                                      • Instruction Fuzzy Hash: 8B31AD71900248EFDF10EFA0C99AAEEBBB4FF05314F245549E551B72C2DB70AA45CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E172AD
                                        • Part of subcall function 00E171F4: __EH_prolog3_GS.LIBCMT ref: 00E171FB
                                        • Part of subcall function 00E3D6BE: __EH_prolog3_GS.LIBCMT ref: 00E3D6C5
                                        • Part of subcall function 00DF0809: __EH_prolog3.LIBCMT ref: 00DF0810
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: H_prolog3_$H_prolog3
                                      • String ID: Hg$Pg$ProductName
                                      • API String ID: 3952504126-2214273263
                                      • Opcode ID: 8d6d4198b8aa1bbfb662f240e9085333c25f9ead87dd6f16491c525a29861b34
                                      • Instruction ID: c4f3ba17578d9eb06c9bee81b5dd28728e3c291e5c1976e7f732e298a6175b84
                                      • Opcode Fuzzy Hash: 8d6d4198b8aa1bbfb662f240e9085333c25f9ead87dd6f16491c525a29861b34
                                      • Instruction Fuzzy Hash: C2316171D05258EBDB10EBA5CC49BDEBBB8FF81304F244099E44977242DB705A89CF62
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00E2332B
                                        • Part of subcall function 00E23078: __EH_prolog3_GS.LIBCMT ref: 00E23082
                                        • Part of subcall function 00E23078: CloseHandle.KERNEL32(000000FF,00000084,00E23337,00000004,00E3295B,@o,80000000,00000001,00000080,00000003,00000000,00000000,?,00000000,00000084,00E41F8A), ref: 00E230BA
                                      • GetLastError.KERNEL32(00000004,00000000,80400100,00000004,00E3295B,@o,80000000,00000001,00000080,00000003,00000000,00000000,?,00000000,00000084,00E41F8A), ref: 00E23408
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: CloseErrorH_prolog3H_prolog3_HandleLast
                                      • String ID: Ho$toys::file
                                      • API String ID: 3687586673-1399951243
                                      • Opcode ID: fa84d6035c5cd08016a8857a8e2797548e005319a980ef865b394a225c437dff
                                      • Instruction ID: 56baa180f75b2c91d8b98acb15de478069085331601aa17732a1a5fc27165d00
                                      • Opcode Fuzzy Hash: fa84d6035c5cd08016a8857a8e2797548e005319a980ef865b394a225c437dff
                                      • Instruction Fuzzy Hash: 3121B171600315EBDB14EF70AC41AAE3AB1AF84300F00A41CF56AB7192DF79DA11CB60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E086A7
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                        • Part of subcall function 00DF40BE: SysStringLen.OLEAUT32(?), ref: 00DF40C7
                                        • Part of subcall function 00DF40BE: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 00DF40E2
                                      • VarBstrFromDate.OLEAUT32(?,?,00000400,00000000,00000000), ref: 00E0871B
                                        • Part of subcall function 00DF5DF3: _wcslen.LIBCMT ref: 00DF5E2D
                                        • Part of subcall function 00DFBD75: __EH_prolog3_GS.LIBCMT ref: 00DFBD7C
                                        • Part of subcall function 00DF0809: __EH_prolog3.LIBCMT ref: 00DF0810
                                        • Part of subcall function 00E0449F: __EH_prolog3_GS.LIBCMT ref: 00E044A6
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLastString$H_prolog3_$Free$AllocBstrDateFromH_prolog3_wcslen
                                      • String ID: Hg$Pg
                                      • API String ID: 3620874770-3911212948
                                      • Opcode ID: 8b566fc124fbbfc4c857eaf172167cd369fbfadb3d06f7b0838ab4112845ffda
                                      • Instruction ID: 24417c7b84aa6f379833fd1eecbc005ebb695c4de578fb99176f1b40404ffc29
                                      • Opcode Fuzzy Hash: 8b566fc124fbbfc4c857eaf172167cd369fbfadb3d06f7b0838ab4112845ffda
                                      • Instruction Fuzzy Hash: 9E314B7090524CEADB20EFE8CD86BEDBBB4BF14344F20815DE555B7282DB745A09CB61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E42065
                                        • Part of subcall function 00DF0617: __EH_prolog3.LIBCMT ref: 00DF061E
                                        • Part of subcall function 00DF0617: GetLastError.KERNEL32(00000004,00DF0837,?,00000000,00000004,00DFB8B4,?,00000001,0000006C,00DFC2A9,?,?,.ini,Hg,%ld,?), ref: 00DF0640
                                        • Part of subcall function 00DF0617: SetLastError.KERNEL32(?,?), ref: 00DF0678
                                        • Part of subcall function 00E3EAE4: __EH_prolog3.LIBCMT ref: 00E3EAEB
                                        • Part of subcall function 00E1CEF9: __EH_prolog3.LIBCMT ref: 00E1CF00
                                        • Part of subcall function 00E23324: __EH_prolog3.LIBCMT ref: 00E2332B
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                        • Part of subcall function 00DFB88D: __EH_prolog3_GS.LIBCMT ref: 00DFB894
                                        • Part of subcall function 00DFB88D: _wcslen.LIBCMT ref: 00DFB8BE
                                        • Part of subcall function 00E3FF82: __EH_prolog3.LIBCMT ref: 00E3FF89
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: H_prolog3$ErrorLast$FreeH_prolog3_String$_wcslen
                                      • String ID: @o$Ho$Pg
                                      • API String ID: 1208383144-1870328284
                                      • Opcode ID: b517bc7ac9d9bf6be52a8c8642e021ca805a98417eaa0110153eb0ee517b83b8
                                      • Instruction ID: fdc91d01b4e39dc28a5cf6600b78af8d29542d2558f4b0e1a407f14fc8807905
                                      • Opcode Fuzzy Hash: b517bc7ac9d9bf6be52a8c8642e021ca805a98417eaa0110153eb0ee517b83b8
                                      • Instruction Fuzzy Hash: 96319170D01248AACF14EFA0D846BEDBBB4AF51314F509099F9587B282DBB05A09CBB1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E20517
                                        • Part of subcall function 00DF070A: __EH_prolog3.LIBCMT ref: 00DF0711
                                        • Part of subcall function 00DF070A: GetLastError.KERNEL32(00000004,00DE4709,00E965D4,?,00000000), ref: 00DF0733
                                        • Part of subcall function 00DF070A: SetLastError.KERNEL32(?,?,?), ref: 00DF0774
                                        • Part of subcall function 00DE6B40: GetLastError.KERNEL32(7B1078F4), ref: 00DE6B91
                                        • Part of subcall function 00DE6B40: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE6C0A
                                        • Part of subcall function 00DF9714: __EH_prolog3.LIBCMT ref: 00DF971B
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$FreeH_prolog3String$H_prolog3_
                                      • String ID: Hg$Hg$Pg
                                      • API String ID: 117023860-3920519673
                                      • Opcode ID: 0110d1e781dc672c222a5c65c1d5902780479538ee3adb08f3001509685cc62a
                                      • Instruction ID: 7d468ab94e436ec878b68881ef9d084854a2c8a0ed066a5a6aa42d96356d7bd3
                                      • Opcode Fuzzy Hash: 0110d1e781dc672c222a5c65c1d5902780479538ee3adb08f3001509685cc62a
                                      • Instruction Fuzzy Hash: 2731AC70801299EFCF14EBA0C955BDDBBB4EF55300F50819AE44AB3291DB70AB48CB71
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: H_prolog3_
                                      • String ID: C:\CodeBases\isdev\Src\Runtime\MSI\Shared\Setup\utils.cpp$Hg$Pg
                                      • API String ID: 2427045233-3619391022
                                      • Opcode ID: 1caccf84cae9ff37e89fc46963e97113fb164e04ade3dbc4b7d85e40050963a6
                                      • Instruction ID: 4fefac11383a478a4dbf76b942f8b143488ef6982157e4c0e193e8939c1bded4
                                      • Opcode Fuzzy Hash: 1caccf84cae9ff37e89fc46963e97113fb164e04ade3dbc4b7d85e40050963a6
                                      • Instruction Fuzzy Hash: 0E218071901258AEDF24EBA4CC55BDEBB78FF11314F10819AE085B7191DB705B08CBB1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E0621C
                                      • GetLastError.KERNEL32(00000044,00E08933,00E889F4,?,00000001,000000A4,00E3E644,00E200D0,00000001,00000000,000000C4,00E3F710,?,00000000), ref: 00E0624D
                                      • SetLastError.KERNEL32(?), ref: 00E0628F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3_
                                      • String ID: Pg
                                      • API String ID: 3339191932-754130359
                                      • Opcode ID: c22e55d0b6b0b26f1098d09ad3bb90f72a8c87ac1e6adf1b4de41f2e6f8d9163
                                      • Instruction ID: 8c2450abd6675e35d5561961b46a9d05f71ee43fb6335b2cbb149e31490c63e4
                                      • Opcode Fuzzy Hash: c22e55d0b6b0b26f1098d09ad3bb90f72a8c87ac1e6adf1b4de41f2e6f8d9163
                                      • Instruction Fuzzy Hash: 322157B0905244DFDF05DFA8C98579DBBF0AF08304F1591A9E908AB3A6C7B4DA44CB95
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DFA9AB
                                        • Part of subcall function 00DFAAC9: __EH_prolog3.LIBCMT ref: 00DFAAD0
                                        • Part of subcall function 00DFAAC9: CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,00000004,00E43E3D,00000004,?,?,000000FF,000000FF,?,00E23404,00000004,00000000,80400100), ref: 00DFAAEC
                                        • Part of subcall function 00DFAAC9: CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,000000FF,000000FF,?,00E23404,00000004,00000000,80400100,00000004,00E3295B,@o,80000000), ref: 00DFAAFC
                                      • GetDesktopWindow.USER32 ref: 00DFAA03
                                      • QueryPerformanceFrequency.KERNEL32(?), ref: 00DFAA56
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: CreateEventH_prolog3$DesktopFrequencyPerformanceQueryWindow
                                      • String ID: Ho
                                      • API String ID: 3632255298-3117934875
                                      • Opcode ID: e2ee8fd2864aba66cdfc3d8d609a263d6f3c875a9fa59eadebfaf08fff71e0ec
                                      • Instruction ID: cb445b6005051a24df6ae1e69f8dfa35b9aaa6afbaf4e18934d647a0cbafc630
                                      • Opcode Fuzzy Hash: e2ee8fd2864aba66cdfc3d8d609a263d6f3c875a9fa59eadebfaf08fff71e0ec
                                      • Instruction Fuzzy Hash: 8531DFB0900B458FD7209F7A858539AFBF0BB08300F90892E91EE97652DB74A548DF21
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E328F3
                                        • Part of subcall function 00E1CEF9: __EH_prolog3.LIBCMT ref: 00E1CF00
                                        • Part of subcall function 00DF0617: __EH_prolog3.LIBCMT ref: 00DF061E
                                        • Part of subcall function 00DF0617: GetLastError.KERNEL32(00000004,00DF0837,?,00000000,00000004,00DFB8B4,?,00000001,0000006C,00DFC2A9,?,?,.ini,Hg,%ld,?), ref: 00DF0640
                                        • Part of subcall function 00DF0617: SetLastError.KERNEL32(?,?), ref: 00DF0678
                                        • Part of subcall function 00E23324: __EH_prolog3.LIBCMT ref: 00E2332B
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3$FreeString$H_prolog3_
                                      • String ID: @o$Hg$Ho
                                      • API String ID: 1866482717-3918087556
                                      • Opcode ID: a7b458dc5c3a750a2066c38b8b88305e147a52651db5cc5703cfef0c803aa224
                                      • Instruction ID: 40cb1905255e47571e0f69c539950fa6cc17b0afc88fd6feecbcfa39d8869fb9
                                      • Opcode Fuzzy Hash: a7b458dc5c3a750a2066c38b8b88305e147a52651db5cc5703cfef0c803aa224
                                      • Instruction Fuzzy Hash: C5219D30900259DBDF21EF64DC46BECBBB0BF54314F245198EA98B7291DBB05E45CB61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E22F57
                                      • GetSystemTimeAsFileTime.KERNEL32(?,00000044,00E22F23,?,?,00000005,0000086E,Hg, This setup was created with an EVALUATION VERSION of %s. Evaluation setups work for only %s hours after they were built. Please r,?,00000000,00000038,00E21B4D,?,?,?), ref: 00E22F79
                                      Strings
                                      Similarity
                                      • API ID: Time$FileH_prolog3_System
                                      • String ID: Hg$Pg
                                      • API String ID: 477554553-3911212948
                                      • Opcode ID: 556d8ed900c0ee1d7aff436dcf8f0d17bd5831a45885956466b11c51c373c9c7
                                      • Instruction ID: cff96f1f93e330bbe6277cd6827c50ecca66350013d3d5c5f16064097e6f831a
                                      • Opcode Fuzzy Hash: 556d8ed900c0ee1d7aff436dcf8f0d17bd5831a45885956466b11c51c373c9c7
                                      • Instruction Fuzzy Hash: E0117F71A00228EFEF20DF90DE45A9DBBB2EB08705F145029F605B7291D730DC41CB55
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E1EBE0
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$FreeString$H_prolog3_
                                      • String ID: 0x%04x.ini$Hg$Pg
                                      • API String ID: 2549205776-778485410
                                      • Opcode ID: a0de00fbdb33f4e52436033f1f3f39630efcdeae41c4271465c85ff1dc20a93f
                                      • Instruction ID: 3a8e89fc97a96a3d5b4fda3ead24a12421fd743c2d4c0bb5c00f18b2cee714a3
                                      • Opcode Fuzzy Hash: a0de00fbdb33f4e52436033f1f3f39630efcdeae41c4271465c85ff1dc20a93f
                                      • Instruction Fuzzy Hash: 18215C31910659EBCF24EBA0C986BDDF7B4FF04314F541215F926B7291DB70A986CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E46FDD
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                        • Part of subcall function 00DF0617: __EH_prolog3.LIBCMT ref: 00DF061E
                                        • Part of subcall function 00DF0617: GetLastError.KERNEL32(00000004,00DF0837,?,00000000,00000004,00DFB8B4,?,00000001,0000006C,00DFC2A9,?,?,.ini,Hg,%ld,?), ref: 00DF0640
                                        • Part of subcall function 00DF0617: SetLastError.KERNEL32(?,?), ref: 00DF0678
                                        • Part of subcall function 00E41465: __EH_prolog3_GS.LIBCMT ref: 00E4146F
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$FreeH_prolog3_String$H_prolog3
                                      • String ID: Hg$Pg$Pg
                                      • API String ID: 386487564-4254811255
                                      • Opcode ID: 1642d7df094eb5722c57031874d6c5636a82fbf0398701de3db8944518da7170
                                      • Instruction ID: 33922dd9f4633aea1b80125e9342faf99e4e8e5b193ac65692bd2401d9c8da44
                                      • Opcode Fuzzy Hash: 1642d7df094eb5722c57031874d6c5636a82fbf0398701de3db8944518da7170
                                      • Instruction Fuzzy Hash: 9A11D071905218DBCF11EFD0D986BED77B8AF54348F10115AE505B7342DB709A09CBB2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E173D1
                                        • Part of subcall function 00E171F4: __EH_prolog3_GS.LIBCMT ref: 00E171FB
                                        • Part of subcall function 00E20670: __EH_prolog3.LIBCMT ref: 00E20677
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                        • Part of subcall function 00DF0809: __EH_prolog3.LIBCMT ref: 00DF0810
                                      Strings
                                      Similarity
                                      • API ID: ErrorFreeH_prolog3H_prolog3_LastString
                                      • String ID: Hg$Pg$ProductVersion
                                      • API String ID: 262529356-3038712333
                                      • Opcode ID: 680cbe7ed60968e1b0e11462bf6de1d8eba4c95f54590b149c4846e23fb9e342
                                      • Instruction ID: 0c5080a37b6b36088989fbd50e560c04e87279127a049e09b4d927763d2abb9d
                                      • Opcode Fuzzy Hash: 680cbe7ed60968e1b0e11462bf6de1d8eba4c95f54590b149c4846e23fb9e342
                                      • Instruction Fuzzy Hash: 5D213D70D05258EBDF10EBE5C885BEDBBB8BF44308F205019E445B7282DBB45A49CBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00E3F583
                                        • Part of subcall function 00DF0617: __EH_prolog3.LIBCMT ref: 00DF061E
                                        • Part of subcall function 00DF0617: GetLastError.KERNEL32(00000004,00DF0837,?,00000000,00000004,00DFB8B4,?,00000001,0000006C,00DFC2A9,?,?,.ini,Hg,%ld,?), ref: 00DF0640
                                        • Part of subcall function 00DF0617: SetLastError.KERNEL32(?,?), ref: 00DF0678
                                        • Part of subcall function 00E3FBEA: __EH_prolog3.LIBCMT ref: 00E3FBF1
                                        • Part of subcall function 00E3F485: __EH_prolog3.LIBCMT ref: 00E3F48C
                                        • Part of subcall function 00E3F485: RegOverridePredefKey.ADVAPI32(80000000,00000000), ref: 00E3F566
                                      Strings
                                      Similarity
                                      • API ID: H_prolog3$ErrorLast$OverridePredef
                                      • String ID: Hg$Pg$P
                                      • API String ID: 4287843365-2304414641
                                      • Opcode ID: 354900489181752ebd5e67c0c2d49a5b936ce1036dacd29eb14ea27d9fa6651a
                                      • Instruction ID: b3952991f728167c541899d7baff47cd4ac2dac53ef47e4804e6135d8856f41e
                                      • Opcode Fuzzy Hash: 354900489181752ebd5e67c0c2d49a5b936ce1036dacd29eb14ea27d9fa6651a
                                      • Instruction Fuzzy Hash: F51191B0900208AFCF44BF64C8474EE7FA9EF55344F50252AF8196B322D7729955CBE1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00E3CEC9
                                        • Part of subcall function 00DF070A: __EH_prolog3.LIBCMT ref: 00DF0711
                                        • Part of subcall function 00DF070A: GetLastError.KERNEL32(00000004,00DE4709,00E965D4,?,00000000), ref: 00DF0733
                                        • Part of subcall function 00DF070A: SetLastError.KERNEL32(?,?,?), ref: 00DF0774
                                        • Part of subcall function 00DF0617: __EH_prolog3.LIBCMT ref: 00DF061E
                                        • Part of subcall function 00DF0617: GetLastError.KERNEL32(00000004,00DF0837,?,00000000,00000004,00DFB8B4,?,00000001,0000006C,00DFC2A9,?,?,.ini,Hg,%ld,?), ref: 00DF0640
                                        • Part of subcall function 00DF0617: SetLastError.KERNEL32(?,?), ref: 00DF0678
                                        • Part of subcall function 00E3CF72: __EH_prolog3_GS.LIBCMT ref: 00E3CF7C
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3$FreeString$H_prolog3_
                                      • String ID: Hg$Ho$Pg
                                      • API String ID: 1866482717-4202242317
                                      • Opcode ID: 5979c2fd248e0a6336789ca4fd34dab6e7dce669e60ba9cb45760717890f7daa
                                      • Instruction ID: 54c4f6f1b4e6e8f5ee2937fc6927fd60dc145f08a8b8c188dc424bb7919fe44b
                                      • Opcode Fuzzy Hash: 5979c2fd248e0a6336789ca4fd34dab6e7dce669e60ba9cb45760717890f7daa
                                      • Instruction Fuzzy Hash: F4117C70901248EFDF11AF24C846BAC7FE4EF45304F604159F8286B3A3D7719A5ACBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E356FD
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                        • Part of subcall function 00E359DF: __EH_prolog3_GS.LIBCMT ref: 00E359E6
                                        • Part of subcall function 00E359DF: CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000,0000004C,00E3576E,?,?,Hg,?), ref: 00E35A29
                                        • Part of subcall function 00E359DF: GetLastError.KERNEL32 ref: 00E35A36
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3_$CreateFile
                                      • String ID: Hg$Pg$Y
                                      • API String ID: 3183828570-482530914
                                      • Opcode ID: 216b99fa1957440fd919a082665d926a5dda9d7a9b34fc4c9d28a55887dbc95a
                                      • Instruction ID: 18ffd777ef0c691cac02e7315f82013c4dd2c97d15dd2934344a0f9aa3b1f8b4
                                      • Opcode Fuzzy Hash: 216b99fa1957440fd919a082665d926a5dda9d7a9b34fc4c9d28a55887dbc95a
                                      • Instruction Fuzzy Hash: 69115576900618DFCF15EFA4C8899EEBBB5FF84304F10001AE906BB251EB309E46CB60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00DE4767
                                        • Part of subcall function 00DF4AF9: __EH_prolog3_GS.LIBCMT ref: 00DF4B00
                                        • Part of subcall function 00DF4AF9: GetWindowsDirectoryW.KERNEL32(00000000,00000104,?,00000000), ref: 00DF4B7D
                                      Strings
                                      Similarity
                                      • API ID: H_prolog3_$DirectoryWindows
                                      • String ID: @o$@o$Ho
                                      • API String ID: 285481429-1084089397
                                      • Opcode ID: 2e3962a9b96e15a4102c786008f5165e890e0751b99f5074b6561bdfb315226f
                                      • Instruction ID: af6cf9b71edf9a4f66f7324215b30412d1f33f4ff63fc2be894aba81cbda3a1e
                                      • Opcode Fuzzy Hash: 2e3962a9b96e15a4102c786008f5165e890e0751b99f5074b6561bdfb315226f
                                      • Instruction Fuzzy Hash: A011C6719003589AD724FFA5A887BEDBBB4EF80300F201109E604772C3C7B09945CAA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00DE4817
                                        • Part of subcall function 00E3FEEF: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,?,00E37A87,000000BC,00E0C3C5,?,?,?,?,?), ref: 00E3FF03
                                        • Part of subcall function 00E3FEEF: GetProcAddress.KERNEL32(00000000), ref: 00E3FF0A
                                        • Part of subcall function 00E3FEEF: GetCurrentProcess.KERNEL32(00000000,?,?,?,00E37A87,000000BC,00E0C3C5,?,?,?,?,?), ref: 00E3FF1A
                                        • Part of subcall function 00DF4AF9: __EH_prolog3_GS.LIBCMT ref: 00DF4B00
                                        • Part of subcall function 00DF4AF9: GetWindowsDirectoryW.KERNEL32(00000000,00000104,?,00000000), ref: 00DF4B7D
                                      Strings
                                      Similarity
                                      • API ID: H_prolog3_$AddressCurrentDirectoryHandleModuleProcProcessWindows
                                      • String ID: @o$@o$Ho
                                      • API String ID: 1250124898-1084089397
                                      • Opcode ID: 5aad840fdd6a96de90fe9e06dd3a03719ba345dc16b5e54cf20bc3b27cbe1ab0
                                      • Instruction ID: a968502d6e9c8a7bb0868b5db3dd02e285aea6d8110053977f25316239b230d2
                                      • Opcode Fuzzy Hash: 5aad840fdd6a96de90fe9e06dd3a03719ba345dc16b5e54cf20bc3b27cbe1ab0
                                      • Instruction Fuzzy Hash: 1B11C270A002589EDB20FFE5A987AEDBBB8EF84310F241119E508772C3DBB04905CB70
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E202AF
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$FreeString$H_prolog3_
                                      • String ID: Hg$Hg$Pg
                                      • API String ID: 2549205776-3920519673
                                      • Opcode ID: ed0f4da1e4bd7870d1c1e565bde91d477364f160a560ea9eefb2a95f7596103e
                                      • Instruction ID: 8816dc9a73d889b4dc33a9348344eafe8f72253bb9cda55bd1f8f3f7f6b02666
                                      • Opcode Fuzzy Hash: ed0f4da1e4bd7870d1c1e565bde91d477364f160a560ea9eefb2a95f7596103e
                                      • Instruction Fuzzy Hash: E411133180065DDBDF10DFA0D986AEDBBB4FB44314F20111AE416B7292DB70AA49CF60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E1F4BB
                                        • Part of subcall function 00DF3FA5: _wcslen.LIBCMT ref: 00DF3FCD
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: H_prolog3__wcslen
                                      • String ID: /qb$/qn$/quiet
                                      • API String ID: 3251556500-508938941
                                      • Opcode ID: 1f5280b36a68b46bf07731a8a2292c191e329ad0327b2e4706eefe6bab8d9b12
                                      • Instruction ID: da7a5f0fa393ffbb14c092b8a8772793296b512a8d5eafa5c64a1a2027f5dc93
                                      • Opcode Fuzzy Hash: 1f5280b36a68b46bf07731a8a2292c191e329ad0327b2e4706eefe6bab8d9b12
                                      • Instruction Fuzzy Hash: 7801AD70A01109DBCF04EFA4C4955EDBBB1BF88314F69622CE529B7290D7305E47DB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00E3C423
                                      • GetFileAttributesW.KERNEL32(?,00000000,00E3C9EA), ref: 00E3C43E
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: AttributesFileH_prolog3
                                      • String ID: Hg$Pg
                                      • API String ID: 1973727094-3911212948
                                      • Opcode ID: f958614ac4a58ae6d0f4d91ea1571d0bd6887cfbbfe50ddd818ab1d6be8ffb8a
                                      • Instruction ID: 4667e2f6a98a12623bbccf1a41787bf2443b0b75698bbeaac3215becfe766e11
                                      • Opcode Fuzzy Hash: f958614ac4a58ae6d0f4d91ea1571d0bd6887cfbbfe50ddd818ab1d6be8ffb8a
                                      • Instruction Fuzzy Hash: C40188B5500208AFCB10EF64C49669D7FE8EF44754F605069F85CEB212D731CA45CBA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 00E0219A
                                      • GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedW), ref: 00E021AA
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: AddressHandleModuleProc
                                      • String ID: Advapi32.dll$RegCreateKeyTransactedW
                                      • API String ID: 1646373207-2994018265
                                      • Opcode ID: a3119c6824c7411d04d706365b6ff6c25728127ccfa9122ecf03fb2ce2710028
                                      • Instruction ID: 9632f4e82efe1f0fbceea85a24e9ee1fc8b3473787b60064edb45c73af67e5e9
                                      • Opcode Fuzzy Hash: a3119c6824c7411d04d706365b6ff6c25728127ccfa9122ecf03fb2ce2710028
                                      • Instruction Fuzzy Hash: 23016D33241609EFCF121F95DC08BEA3BA6FB88755F151029FB18B11A0DB72D8A1EB54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00DF0914
                                      • SetLastError.KERNEL32(000000FF,?,00000001), ref: 00DF098A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorH_prolog3_Last
                                      • String ID: .g$Pg
                                      • API String ID: 1018228973-1363215343
                                      • Opcode ID: 8c475c85ee80e19ad66270af29a69c2c35557cb6cd167ea63371d24790a16c6a
                                      • Instruction ID: 56558f5abac62e1268fdbc7394b19d1927ebafd57d768dc2ec80e497c3fec0f9
                                      • Opcode Fuzzy Hash: 8c475c85ee80e19ad66270af29a69c2c35557cb6cd167ea63371d24790a16c6a
                                      • Instruction Fuzzy Hash: E411D671900248DBEB11EF90C846B9EBBB5EF40354F544449F555B7282DBB1DE01CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E3B467
                                      • GetWindowsDirectoryW.KERNEL32(?,00000104,00000264,00DE48EC,@o,00000000), ref: 00E3B481
                                        • Part of subcall function 00DF070A: __EH_prolog3.LIBCMT ref: 00DF0711
                                        • Part of subcall function 00DF070A: GetLastError.KERNEL32(00000004,00DE4709,00E965D4,?,00000000), ref: 00DF0733
                                        • Part of subcall function 00DF070A: SetLastError.KERNEL32(?,?,?), ref: 00DF0774
                                        • Part of subcall function 00DF4ECA: _wcslen.LIBCMT ref: 00DF4F10
                                        • Part of subcall function 00DF0617: __EH_prolog3.LIBCMT ref: 00DF061E
                                        • Part of subcall function 00DF0617: GetLastError.KERNEL32(00000004,00DF0837,?,00000000,00000004,00DFB8B4,?,00000001,0000006C,00DFC2A9,?,?,.ini,Hg,%ld,?), ref: 00DF0640
                                        • Part of subcall function 00DF0617: SetLastError.KERNEL32(?,?), ref: 00DF0678
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$FreeH_prolog3String$DirectoryH_prolog3_Windows_wcslen
                                      • String ID: @o$Ho
                                      • API String ID: 767329159-3574598281
                                      • Opcode ID: 3d78119915ed219d6798b4564ec070c0999f5bcd2a1c0eda175ba39da8ea1872
                                      • Instruction ID: 818c7608f8891f67271ce6ca4ae3bc66b0f3ae0148f5fc87b4cef629a763cb26
                                      • Opcode Fuzzy Hash: 3d78119915ed219d6798b4564ec070c0999f5bcd2a1c0eda175ba39da8ea1872
                                      • Instruction Fuzzy Hash: AC111B71A502189ACB60EF50DC8ABEDB7B8EF54700F4051D9A20DB3191DF709A85CF65
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetModuleHandleW.KERNEL32(Advapi32.dll,?,00000000,?,?,00E1ADC7,?,?,?,?,00E1B4B9,?,?,?,?,?), ref: 00E1B4FF
                                      • GetProcAddress.KERNEL32(00000000,RegDeleteKeyTransactedW), ref: 00E1B50F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: AddressHandleModuleProc
                                      • String ID: Advapi32.dll$RegDeleteKeyTransactedW
                                      • API String ID: 1646373207-2168864297
                                      • Opcode ID: 7782995bb31b73a18d16f3db0cf2f004b9e49623dabfaca16bd392ae6dfcd732
                                      • Instruction ID: 73ed8ffa5271cc6c1d77429ed9806f86bbe9a346cf6d648dc4f7241e4a34737e
                                      • Opcode Fuzzy Hash: 7782995bb31b73a18d16f3db0cf2f004b9e49623dabfaca16bd392ae6dfcd732
                                      • Instruction Fuzzy Hash: 53F0B433340B08AFDB102FA6AC848B67B9FEB907AA314503AF249B5110DB328C459760
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E24FA6
                                        • Part of subcall function 00DF070A: __EH_prolog3.LIBCMT ref: 00DF0711
                                        • Part of subcall function 00DF070A: GetLastError.KERNEL32(00000004,00DE4709,00E965D4,?,00000000), ref: 00DF0733
                                        • Part of subcall function 00DF070A: SetLastError.KERNEL32(?,?,?), ref: 00DF0774
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3H_prolog3_
                                      • String ID: Hg$Pg$file://
                                      • API String ID: 852442433-1136127818
                                      • Opcode ID: 4baacfd09802ceb1a6aedabeb87001029c9054a0d2a4c1118a5510751af8bb86
                                      • Instruction ID: 5c724e636c270caa5880dbf7a8f18ef06163b0270d5b29143749ecb91cc16e90
                                      • Opcode Fuzzy Hash: 4baacfd09802ceb1a6aedabeb87001029c9054a0d2a4c1118a5510751af8bb86
                                      • Instruction Fuzzy Hash: B7014CB1C00348DBCB24EFE4D9815DDBAB4AF41314F10566AE161B62D1D7704906CB50
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E2509E
                                        • Part of subcall function 00DF070A: __EH_prolog3.LIBCMT ref: 00DF0711
                                        • Part of subcall function 00DF070A: GetLastError.KERNEL32(00000004,00DE4709,00E965D4,?,00000000), ref: 00DF0733
                                        • Part of subcall function 00DF070A: SetLastError.KERNEL32(?,?,?), ref: 00DF0774
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3H_prolog3_
                                      • String ID: Hg$Pg$http://
                                      • API String ID: 852442433-2610429628
                                      • Opcode ID: e0193b5f80a7445893b4d86e8c7d47d8ec59980c8680737ff829e10fff1e7573
                                      • Instruction ID: 746d172f672719526ade640c224d7505c79833ed287b83d199dac05eecee46bc
                                      • Opcode Fuzzy Hash: e0193b5f80a7445893b4d86e8c7d47d8ec59980c8680737ff829e10fff1e7573
                                      • Instruction Fuzzy Hash: 4E015AB1C00348DBCB24EFE4D9825EEBFB4AF41314F20566AE162B7291DB704906CB60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E25022
                                        • Part of subcall function 00DF070A: __EH_prolog3.LIBCMT ref: 00DF0711
                                        • Part of subcall function 00DF070A: GetLastError.KERNEL32(00000004,00DE4709,00E965D4,?,00000000), ref: 00DF0733
                                        • Part of subcall function 00DF070A: SetLastError.KERNEL32(?,?,?), ref: 00DF0774
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3H_prolog3_
                                      • String ID: Hg$Pg$ftp://
                                      • API String ID: 852442433-59139308
                                      • Opcode ID: c23d7e4c5d800b723cd729cd024447c3de08d33a54d99df1126cf5074d28f1d3
                                      • Instruction ID: 3f15e6ea8a58deec84fe64514054eff8a7cf4ab151066d16dd9b2a5091e24637
                                      • Opcode Fuzzy Hash: c23d7e4c5d800b723cd729cd024447c3de08d33a54d99df1126cf5074d28f1d3
                                      • Instruction Fuzzy Hash: 46014C71C003489BCB24EFE499815DEBBB4AF41314F10526EE161B6291D7704906CB60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E2511A
                                        • Part of subcall function 00DF070A: __EH_prolog3.LIBCMT ref: 00DF0711
                                        • Part of subcall function 00DF070A: GetLastError.KERNEL32(00000004,00DE4709,00E965D4,?,00000000), ref: 00DF0733
                                        • Part of subcall function 00DF070A: SetLastError.KERNEL32(?,?,?), ref: 00DF0774
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3H_prolog3_
                                      • String ID: Hg$Pg$https://
                                      • API String ID: 852442433-1198443681
                                      • Opcode ID: 4857be1ed226e96d90ce90c3e23b2ca6643311ecd2a2b65237c55c213021bf8f
                                      • Instruction ID: 987b060535236374fd085db1bba6eb232a311f8ecbeddb11dc0059dd801dda0f
                                      • Opcode Fuzzy Hash: 4857be1ed226e96d90ce90c3e23b2ca6643311ecd2a2b65237c55c213021bf8f
                                      • Instruction Fuzzy Hash: 02015AB1C01748DBCB24EFE5D9826EEBFB4AF41314F24526AE162B72D1E7704906CB60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00DFF686
                                      • _wcslen.LIBCMT ref: 00DFF6C9
                                      • SetLastError.KERNEL32(00000000,?,00000000), ref: 00DFF6E6
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Similarity
                                      • API ID: ErrorH_prolog3_Last_wcslen
                                      • String ID: Pg
                                      • API String ID: 3613133196-754130359
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DF0693
                                      • GetLastError.KERNEL32(00000004,00DF087C,?,00000002,?,00000000,00000000,00000004,00DF49C0,?,00000002,?,?,00000001,00000008,00DF5441), ref: 00DF06B5
                                      • SetLastError.KERNEL32(00000000,?,00000002,?,00000000,?,00000002,?,?,00000001,00000008,00DF5441,00000001,00000001,000000FF,?), ref: 00DF06F6
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Pg
                                      • API String ID: 3502553090-754130359
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E22EDC
                                        • Part of subcall function 00DF070A: __EH_prolog3.LIBCMT ref: 00DF0711
                                        • Part of subcall function 00DF070A: GetLastError.KERNEL32(00000004,00DE4709,00E965D4,?,00000000), ref: 00DF0733
                                        • Part of subcall function 00DF070A: SetLastError.KERNEL32(?,?,?), ref: 00DF0774
                                        • Part of subcall function 00E22F50: __EH_prolog3_GS.LIBCMT ref: 00E22F57
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      • Hg, xrefs: 00E22EF5
                                      • This setup was created with an EVALUATION VERSION of %s. Evaluation setups work for only %s hours after they were built. Please r, xrefs: 00E22EF0
                                      • Pg, xrefs: 00E22EF8
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$FreeH_prolog3_String$H_prolog3
                                      • String ID: This setup was created with an EVALUATION VERSION of %s. Evaluation setups work for only %s hours after they were built. Please r$Hg$Pg
                                      • API String ID: 386487564-3650286009
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DF0711
                                      • GetLastError.KERNEL32(00000004,00DE4709,00E965D4,?,00000000), ref: 00DF0733
                                      • SetLastError.KERNEL32(?,?,?), ref: 00DF0774
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Pg
                                      • API String ID: 3502553090-754130359
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00E061A5
                                      • GetLastError.KERNEL32(00000004,00E04D5A,00000001,?,?,00000000,00000040,00E08851,00E200D0,?,?,?,00000000,0000003C,00E089F8,?), ref: 00E061C7
                                      • SetLastError.KERNEL32(?,?,?,00000000,?,?,00000000,0000003C,00E089F8,?,00000022,000000A4,00E3E644,00E200D0,00000001,00000000), ref: 00E06201
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Pg
                                      • API String ID: 3502553090-754130359
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DF061E
                                      • GetLastError.KERNEL32(00000004,00DF0837,?,00000000,00000004,00DFB8B4,?,00000001,0000006C,00DFC2A9,?,?,.ini,Hg,%ld,?), ref: 00DF0640
                                      • SetLastError.KERNEL32(?,?), ref: 00DF0678
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Pg
                                      • API String ID: 3502553090-754130359
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E015A9
                                        • Part of subcall function 00DF070A: __EH_prolog3.LIBCMT ref: 00DF0711
                                        • Part of subcall function 00DF070A: GetLastError.KERNEL32(00000004,00DE4709,00E965D4,?,00000000), ref: 00DF0733
                                        • Part of subcall function 00DF070A: SetLastError.KERNEL32(?,?,?), ref: 00DF0774
                                        • Part of subcall function 00DF9714: __EH_prolog3.LIBCMT ref: 00DF971B
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$FreeH_prolog3String$H_prolog3_
                                      • String ID: .msi$Hg$Pg
                                      • API String ID: 117023860-3821975995
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DFF5D9
                                      • GetLastError.KERNEL32(00000004,00DFF3AB,00000000,00000001,?,00000000,Pg,00000001,0000006C,00E1DB94,?,00000000,00E88190,?,00E88190,00000000), ref: 00DFF5FB
                                      • SetLastError.KERNEL32(?,?), ref: 00DFF62F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Pg
                                      • API String ID: 3502553090-754130359
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E175B8
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                        • Part of subcall function 00E17486: __EH_prolog3_GS.LIBCMT ref: 00E1748D
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$FreeH_prolog3_String
                                      • String ID: Hg$Pg$ProductCode
                                      • API String ID: 2608676048-2865589873
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E1754A
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                        • Part of subcall function 00E17486: __EH_prolog3_GS.LIBCMT ref: 00E1748D
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$FreeH_prolog3_String
                                      • String ID: Hg$PackageCode$Pg
                                      • API String ID: 2608676048-2150793070
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E17624
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                        • Part of subcall function 00E17486: __EH_prolog3_GS.LIBCMT ref: 00E1748D
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$FreeH_prolog3_String
                                      • String ID: Hg$Pg$ProductVersion
                                      • API String ID: 2608676048-3038712333
                                      • Opcode ID: bd0920357744de7fa8f4ef9caedad325b662d92d5fc390bc5a3b44262aa0b506
                                      • Instruction ID: e06e9d957bc2e42e98247c73a41ce53b81f09e8d16a54bd188a627d29e537e30
                                      • Opcode Fuzzy Hash: bd0920357744de7fa8f4ef9caedad325b662d92d5fc390bc5a3b44262aa0b506
                                      • Instruction Fuzzy Hash: D1F01771900208EBDF10EFC0D88ABEEBBB5FF80718F105019E5057B281DBB45A4ADBA5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • lstrcmpA.KERNEL32(?,GIF87a,00000000,00000000,?), ref: 00E4F62B
                                      • lstrcmpA.KERNEL32(?,GIF89a), ref: 00E4F643
                                        • Part of subcall function 00E4FD7C: __EH_prolog3.LIBCMT ref: 00E4FD83
                                      Strings
                                      Similarity
                                      • API ID: lstrcmp$H_prolog3
                                      • String ID: GIF87a$GIF89a
                                      • API String ID: 477540313-2918331024
                                      • Opcode ID: ba8d540555fe1f8e9f75b79b0e8a64f9ea88b74f54a83f4fcb6ebb4d38335304
                                      • Instruction ID: c538291a79d2694699de35d360cd105050b842ecd36542f9205d41a7cf94f2de
                                      • Opcode Fuzzy Hash: ba8d540555fe1f8e9f75b79b0e8a64f9ea88b74f54a83f4fcb6ebb4d38335304
                                      • Instruction Fuzzy Hash: 75614871A10212AFCF249F28D88ABAAB7F8FF19704F24147BE581F7241E7789545CB61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                        • Part of subcall function 00E087A4: __set_se_translator.LIBVCRUNTIME ref: 00E087AE
                                        • Part of subcall function 00E1F763: __EH_prolog3_GS.LIBCMT ref: 00E1F76D
                                      • lstrcmpiW.KERNEL32(-00000004,?,?,-00000004,PackageCode,?,00000032,?), ref: 00E0E1DC
                                      Strings
                                      Similarity
                                      • API ID: H_prolog3___set_se_translatorlstrcmpi
                                      • String ID: "$InstallSource$PackageName
                                      • API String ID: 333894392-987235988
                                      • Opcode ID: de0ae13c1d2f661927c0edee7dfbbb1b7f9cfbad213ddf49ea5d5a0d10980295
                                      • Instruction ID: 0fda8ba1755a8f11e790dd1ba0b2068f10bf1208d4c3baee8e6bc1012f1c87c6
                                      • Opcode Fuzzy Hash: de0ae13c1d2f661927c0edee7dfbbb1b7f9cfbad213ddf49ea5d5a0d10980295
                                      • Instruction Fuzzy Hash: C6819271D02298DEEF11EB64C955BEEBBB4AF55300F0440D9E149B7292DB705F84CBA2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00DFD088
                                      • GetWindowDC.USER32(00000000), ref: 00DFD184
                                      • CreateDIBitmap.GDI32(00000000,00000000,00000004,?,00000000,00000000), ref: 00DFD19C
                                      • ReleaseDC.USER32(00000000,00000000), ref: 00DFD1C7
                                      Similarity
                                      • API ID: BitmapCreateH_prolog3_ReleaseWindow
                                      • String ID:
                                      • API String ID: 2731784340-0
                                      • Opcode ID: ca3603f92278188f82587c24285cd816a6abd95b7cffda02c98b2ed73330edc9
                                      • Instruction ID: c5b525575bfad9e529ef6cd2105aca330c9bef843022ccd9c9c437e1336941d3
                                      • Opcode Fuzzy Hash: ca3603f92278188f82587c24285cd816a6abd95b7cffda02c98b2ed73330edc9
                                      • Instruction Fuzzy Hash: D24128719002189FDB54DF64D885BAEBBF4BF08314F1081AAE55DE7292EB309A45CF60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E18EF1
                                        • Part of subcall function 00E1879C: __EH_prolog3_GS.LIBCMT ref: 00E187A3
                                        • Part of subcall function 00E1879C: IsWindow.USER32(?), ref: 00E187E9
                                        • Part of subcall function 00E1879C: SendMessageW.USER32(?,00001061,?,00000008), ref: 00E187FE
                                      • SendMessageW.USER32(?,0000101E,00000000,000000FE), ref: 00E18FBE
                                      • SendMessageW.USER32(?,00001036,00000000,00000020), ref: 00E18FD4
                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00E18FE2
                                      Similarity
                                      • API ID: MessageSend$H_prolog3_$Window
                                      • String ID:
                                      • API String ID: 1329796335-0
                                      • Opcode ID: e5eadff4fd98fa6f63099ee6433e2ee9ab567b106c38dd6de5df2a14f20c14af
                                      • Instruction ID: f78e9401c83ac1242ea754187f3923da4aa9e40968860dc5557f29317773c7c9
                                      • Opcode Fuzzy Hash: e5eadff4fd98fa6f63099ee6433e2ee9ab567b106c38dd6de5df2a14f20c14af
                                      • Instruction Fuzzy Hash: E431A371A00214ABCB20EB65CD95ADEBBF6BF48320F105505F556BB2C1CF70AD42CB60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32 ref: 00E48FF3
                                      • SetLastError.KERNEL32(?,?), ref: 00E4902D
                                      • MulDiv.KERNEL32(?,?,00000004), ref: 00E490AB
                                      • MulDiv.KERNEL32(?,?,00000008), ref: 00E490DB
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast
                                      • String ID: ALL$Pg
                                      • API String ID: 1452528299-2761254607
                                      • Opcode ID: b98c97b4d0a51a7dc43c364a5ae5c3a44556593cde2a24863d0b7c624be67982
                                      • Instruction ID: add6147d316bbf2e3539f0f4c90a5902a4f8b518b1ecc8438536c10266163ebd
                                      • Opcode Fuzzy Hash: b98c97b4d0a51a7dc43c364a5ae5c3a44556593cde2a24863d0b7c624be67982
                                      • Instruction Fuzzy Hash: CD413574600600DFDB20DF14E598BA6BBF1BF49308F198098D9496B7A2D732EC4ACF91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • FindResourceExW.KERNEL32(?,00000006,?,?,?,00000000,?,?,00DFC437,?,?,?,?,?,00000001), ref: 00E3EA2D
                                      • FindResourceExW.KERNEL32(?,00000006,00000001,?,?,?,00DFC437,?,?,?,?,?,00000001), ref: 00E3EA5E
                                      • FindResourceExW.KERNEL32(?,00000006,00000001,00000000,?,?,00DFC437,?,?,?,?,?,00000001), ref: 00E3EAB9
                                      • FindResourceExW.KERNEL32(?,00000006,00000001,00000400,?,?,00DFC437,?,?,?,?,?,00000001), ref: 00E3EA8B
                                        • Part of subcall function 00E3E97C: __EH_prolog3_GS.LIBCMT ref: 00E3E983
                                        • Part of subcall function 00E3E97C: LoadResource.KERNEL32(?,?,00000038,00E3EAD4,?,?,?,?,?,?,00DFC437,?,?,?,?,?), ref: 00E3E99A
                                      Similarity
                                      • API ID: Resource$Find$H_prolog3_Load
                                      • String ID:
                                      • API String ID: 4133745404-0
                                      • Opcode ID: 306ecef009400a4d4207b035c565825b5542e5dd7227b85907a8e66927d00b74
                                      • Instruction ID: 589524891f83cd92148c568d1e54856e421611bd407eff1eb934020bacf7e818
                                      • Opcode Fuzzy Hash: 306ecef009400a4d4207b035c565825b5542e5dd7227b85907a8e66927d00b74
                                      • Instruction Fuzzy Hash: 22216B75500309BBEF209F158C09FEA3FADEF4A794F049051FD15B6291E631DA15EBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E0434A
                                        • Part of subcall function 00DFC5BC: __EH_prolog3_GS.LIBCMT ref: 00DFC5C3
                                      • lstrcpyA.KERNEL32(?,00000000), ref: 00E043B5
                                        • Part of subcall function 00DFBF9D: __EH_prolog3_GS.LIBCMT ref: 00DFBFA7
                                        • Part of subcall function 00DFBF6A: __EH_prolog3.LIBCMT ref: 00DFBF71
                                      • lstrcpyA.KERNEL32(?,00000000,?,?), ref: 00E043EE
                                        • Part of subcall function 00E48D90: wsprintfA.USER32 ref: 00E48E17
                                        • Part of subcall function 00E48D90: GetLastError.KERNEL32 ref: 00E48E73
                                        • Part of subcall function 00E48D90: SetLastError.KERNEL32(?,?), ref: 00E48EAE
                                      • lstrcpyA.KERNEL32(?,00000000,?,00000000,00000174,00E0459D,?,?,00000001), ref: 00E04394
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3_lstrcpy$FreeString$H_prolog3wsprintf
                                      • String ID:
                                      • API String ID: 1385851474-0
                                      • Opcode ID: 2ea08810b409296b93a42e016df0504b2d8adb3ab090a8adc94ec81b1a693024
                                      • Instruction ID: 24a8fca4fc467cafcb2889d4e75d4078827fcae248479da487eb68c932b4de43
                                      • Opcode Fuzzy Hash: 2ea08810b409296b93a42e016df0504b2d8adb3ab090a8adc94ec81b1a693024
                                      • Instruction Fuzzy Hash: 76216D71901258EFCB54EBB1D9559EEB7B8EF58300F1045A9E149AB291EF309E05CB60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32(7B1078F4,00000000,00000000,?,?,?,00E8297D,000000FF,Pg,00E49FAB,?,00000000,00000000,?,00000000), ref: 00E4A77B
                                      • SetLastError.KERNEL32(?,?,00000000), ref: 00E4A7E6
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast
                                      • String ID: Pg$Pg
                                      • API String ID: 1452528299-4246043162
                                      • Opcode ID: b5b1c9f6e9f9220d531af76f4a0b6620b2241314bb7d3a349c98e75942a72006
                                      • Instruction ID: 76a57b8e021408cb5b5ace8e7a722ab36cc1e6ae5fe298912d3b4a5e73194e6a
                                      • Opcode Fuzzy Hash: b5b1c9f6e9f9220d531af76f4a0b6620b2241314bb7d3a349c98e75942a72006
                                      • Instruction Fuzzy Hash: 75213AB1500605AFC714CF69D844B56BBF9FB48328F24866EE819D7B40D776E816CF90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32(?,00000001,0000005C,?), ref: 00DE7235
                                      • SysFreeString.OLEAUT32(?), ref: 00DE724D
                                      • SysFreeString.OLEAUT32(?), ref: 00DE725E
                                      • SetLastError.KERNEL32(?), ref: 00DE7286
                                      Similarity
                                      • API ID: ErrorFreeLastString
                                      • String ID:
                                      • API String ID: 3822639702-0
                                      • Opcode ID: e33af4b22d337f60b6f9b9f27ca39f44e7021d6e3e1ce95aa5ec3ecb5f1d2af0
                                      • Instruction ID: f4638839e57585fe0a018fc10fb01d73ac726009c673e30a45217d11d6fbb32e
                                      • Opcode Fuzzy Hash: e33af4b22d337f60b6f9b9f27ca39f44e7021d6e3e1ce95aa5ec3ecb5f1d2af0
                                      • Instruction Fuzzy Hash: 8A21AE31208701AFC700EF2ADC89A1ABBF1FF84304F50492DF549972A1DB71E819CBA6
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32 ref: 00E482C6
                                      • SetLastError.KERNEL32(?,0000015C), ref: 00E48304
                                        • Part of subcall function 00E49E90: GetLastError.KERNEL32(7B1078F4,?,?,00000000), ref: 00E49EDE
                                        • Part of subcall function 00E49E90: SetLastError.KERNEL32(Pg,?,00000000), ref: 00E49F2F
                                        • Part of subcall function 00E49E90: GetLastError.KERNEL32(?,00000000), ref: 00E49F43
                                        • Part of subcall function 00E49E90: SetLastError.KERNEL32(00E96750,?,00000000), ref: 00E49F7A
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast
                                      • String ID: ALL$Pg
                                      • API String ID: 1452528299-2761254607
                                      • Opcode ID: dc2087290c20bbbe3f62770de4f27352574af40d610badf0c791a66b311c7e43
                                      • Instruction ID: 62e24a78cdfcb49649c646c56f7725ee6b95e05062992b030a6a180661915594
                                      • Opcode Fuzzy Hash: dc2087290c20bbbe3f62770de4f27352574af40d610badf0c791a66b311c7e43
                                      • Instruction Fuzzy Hash: 5621F272500B04DFCB10DF55D845B9AB7F8FB48724F00066EEC09AB791DB31A904CB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32 ref: 00E483B6
                                      • SetLastError.KERNEL32(?,?), ref: 00E483F4
                                        • Part of subcall function 00E49E90: GetLastError.KERNEL32(7B1078F4,?,?,00000000), ref: 00E49EDE
                                        • Part of subcall function 00E49E90: SetLastError.KERNEL32(Pg,?,00000000), ref: 00E49F2F
                                        • Part of subcall function 00E49E90: GetLastError.KERNEL32(?,00000000), ref: 00E49F43
                                        • Part of subcall function 00E49E90: SetLastError.KERNEL32(00E96750,?,00000000), ref: 00E49F7A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast
                                      • String ID: ALL$Pg
                                      • API String ID: 1452528299-2761254607
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32 ref: 00E484A6
                                      • SetLastError.KERNEL32(?,?), ref: 00E484E4
                                        • Part of subcall function 00E49E90: GetLastError.KERNEL32(7B1078F4,?,?,00000000), ref: 00E49EDE
                                        • Part of subcall function 00E49E90: SetLastError.KERNEL32(Pg,?,00000000), ref: 00E49F2F
                                        • Part of subcall function 00E49E90: GetLastError.KERNEL32(?,00000000), ref: 00E49F43
                                        • Part of subcall function 00E49E90: SetLastError.KERNEL32(00E96750,?,00000000), ref: 00E49F7A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast
                                      • String ID: ALL$Pg
                                      • API String ID: 1452528299-2761254607
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32 ref: 00E48596
                                      • SetLastError.KERNEL32(?,?), ref: 00E485D4
                                        • Part of subcall function 00E49E90: GetLastError.KERNEL32(7B1078F4,?,?,00000000), ref: 00E49EDE
                                        • Part of subcall function 00E49E90: SetLastError.KERNEL32(Pg,?,00000000), ref: 00E49F2F
                                        • Part of subcall function 00E49E90: GetLastError.KERNEL32(?,00000000), ref: 00E49F43
                                        • Part of subcall function 00E49E90: SetLastError.KERNEL32(00E96750,?,00000000), ref: 00E49F7A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast
                                      • String ID: ALL$Pg
                                      • API String ID: 1452528299-2761254607
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32 ref: 00E48686
                                      • SetLastError.KERNEL32(?,?), ref: 00E486C4
                                        • Part of subcall function 00E49E90: GetLastError.KERNEL32(7B1078F4,?,?,00000000), ref: 00E49EDE
                                        • Part of subcall function 00E49E90: SetLastError.KERNEL32(Pg,?,00000000), ref: 00E49F2F
                                        • Part of subcall function 00E49E90: GetLastError.KERNEL32(?,00000000), ref: 00E49F43
                                        • Part of subcall function 00E49E90: SetLastError.KERNEL32(00E96750,?,00000000), ref: 00E49F7A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast
                                      • String ID: ALL$Pg
                                      • API String ID: 1452528299-2761254607
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetTempPathW.KERNEL32(?,?,?,00000000,00000000,?,00DF63CE,?,00000400,00000000,00000001,0000044F,00000000,000008AC,00E0641D,00000452), ref: 00DF948E
                                      • SetErrorMode.KERNEL32(00008003,?,00000000,00000000,?,00DF63CE,?,00000400,00000000,00000001,0000044F,00000000,000008AC,00E0641D,00000452,?), ref: 00DF949D
                                      • GetWindowsDirectoryW.KERNEL32(?,?,?,00000000,00000000,?,00DF63CE,?,00000400,00000000,00000001,0000044F,00000000,000008AC,00E0641D,00000452), ref: 00DF94B4
                                      • lstrcpyW.KERNEL32(?,00E965D4), ref: 00DF94D1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: DirectoryErrorModePathTempWindowslstrcpy
                                      • String ID:
                                      • API String ID: 3576100887-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                        • Part of subcall function 00DF5EAE: __EH_prolog3_GS.LIBCMT ref: 00DF5EB5
                                        • Part of subcall function 00E07064: __EH_prolog3_GS.LIBCMT ref: 00E0706B
                                        • Part of subcall function 00DF9E91: GetLastError.KERNEL32(7B1078F4,?,?,?,?,00E6C363,000000FF), ref: 00DF9ECE
                                        • Part of subcall function 00DF9E91: SysFreeString.OLEAUT32(?), ref: 00DF9EDB
                                        • Part of subcall function 00DF9E91: SetLastError.KERNEL32(?,?,?,?,?,00E6C363,000000FF), ref: 00DF9EEF
                                        • Part of subcall function 00DF9E91: GetLastError.KERNEL32(?,?,?,?,00E6C363,000000FF), ref: 00DF9F03
                                        • Part of subcall function 00DF9E91: SysFreeString.OLEAUT32(00000000), ref: 00DF9F25
                                        • Part of subcall function 00DF9E91: SetLastError.KERNEL32(?,?,?,?,?,00E6C363,000000FF), ref: 00DF9F39
                                      • CoUninitialize.OLE32(00EBEA88,?,00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00E280EA
                                        • Part of subcall function 00DF5D4D: SysFreeString.OLEAUT32(?), ref: 00DF5D9D
                                      Strings
                                      • Setup returning %d, xrefs: 00E28047
                                      • C:\CodeBases\isdev\Src\Runtime\MSI\Shared\Setup\Setup.cpp, xrefs: 00E2803D
                                      • U, xrefs: 00E28092
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$FreeString$H_prolog3_$Uninitialize
                                      • String ID: C:\CodeBases\isdev\Src\Runtime\MSI\Shared\Setup\Setup.cpp$Setup returning %d$U
                                      • API String ID: 524648655-2320443686
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                        • Part of subcall function 00DF694B: __EH_prolog3_GS.LIBCMT ref: 00DF6952
                                      • lstrcpyW.KERNEL32(Pg,-00000006), ref: 00E3736F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: H_prolog3_lstrcpy
                                      • String ID: Hg$Pg$Pg
                                      • API String ID: 378676564-4254811255
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E1B40C
                                        • Part of subcall function 00DE4B50: GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 00DE4B74
                                      • RegEnumKeyExW.ADVAPI32(?,00000000,?,00000100,00000000,00000000,00000000,?,0000021C,00E1B952,?,?,?,?,?), ref: 00E1B487
                                      • RegCloseKey.ADVAPI32(?,?,?,?,?), ref: 00E1B49F
                                      • RegCloseKey.ADVAPI32(00000000,0000021C,00E1B952,?,?,?,?,?), ref: 00E1B4CE
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: Close$EnumH_prolog3_HandleModule
                                      • String ID:
                                      • API String ID: 2949155766-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetWindowRect.USER32(?,?), ref: 00E4B503
                                      • IntersectRect.USER32(?,?,?), ref: 00E4B518
                                      • GetWindowTextW.USER32(?,?,00000104), ref: 00E4B52F
                                      • InvalidateRect.USER32(?,?,00000000), ref: 00E4B55B
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: Rect$Window$IntersectInvalidateText
                                      • String ID:
                                      • API String ID: 1165118807-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • CharNextW.USER32(?,00000000,?,0000005C,?,00E387BA,?,?,00E37893,?,?,?,00E37D40,?,?), ref: 00E38727
                                      • CharNextW.USER32(?,00000000,?,0000005C,?,00E387BA,?,?,00E37893,?,?,?,00E37D40,?,?), ref: 00E38750
                                      • CharNextW.USER32(00000000,?,00E387BA,?,?,00E37893,?,?,?,00E37D40,?,?), ref: 00E3875D
                                      • CharNextW.USER32(00000000,?,00E387BA,?,?,00E37893,?,?,?,00E37D40,?,?), ref: 00E38766
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: CharNext
                                      • String ID:
                                      • API String ID: 3213498283-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • FindResourceW.KERNEL32(00000001,?,00000002,?,00000000,0000000F,?,00E4F352,00000000,?,00000000,000000FF,?,?,00E4EDF1,?), ref: 00E4F020
                                      • LoadResource.KERNEL32(00000001,00000000,?,00E4F352,00000000,?,00000000,000000FF,?,?,00E4EDF1,?,?,00E8CF9C,00E4BE36,?), ref: 00E4F02C
                                      • LockResource.KERNEL32(00000000,?,00E4F352,00000000,?,00000000,000000FF,?,?,00E4EDF1,?,?,00E8CF9C,00E4BE36,?,000000FF), ref: 00E4F039
                                      • FreeResource.KERNEL32(00000000,?), ref: 00E4F04B
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: Resource$FindFreeLoadLock
                                      • String ID:
                                      • API String ID: 1078018258-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetDlgItem.USER32(?), ref: 00E1873F
                                      • GetDlgItem.USER32(?), ref: 00E18755
                                        • Part of subcall function 00E18EEA: __EH_prolog3_GS.LIBCMT ref: 00E18EF1
                                        • Part of subcall function 00E18EEA: SendMessageW.USER32(?,0000101E,00000000,000000FE), ref: 00E18FBE
                                        • Part of subcall function 00E18EEA: SendMessageW.USER32(?,00001036,00000000,00000020), ref: 00E18FD4
                                        • Part of subcall function 00E18EEA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00E18FE2
                                      • EnableWindow.USER32(00000000,00000000), ref: 00E18772
                                      • SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 00E1878D
                                      Similarity
                                      • API ID: MessageSend$Item$EnableH_prolog3_Window
                                      • String ID:
                                      • API String ID: 3504422573-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00E0426C
                                      • GetObjectW.GDI32(00000000,0000005C,?), ref: 00E04279
                                        • Part of subcall function 00E042B5: GetLocaleInfoW.KERNEL32(?,00001004,?,00000014), ref: 00E042E9
                                        • Part of subcall function 00E042B5: TranslateCharsetInfo.GDI32(00000000,?,00000002), ref: 00E04304
                                      • CreateFontIndirectW.GDI32(?), ref: 00E04290
                                      • SendMessageW.USER32(?,00000030,00000000,00000000), ref: 00E0429E
                                      Similarity
                                      • API ID: InfoMessageSend$CharsetCreateFontIndirectLocaleObjectTranslate
                                      • String ID:
                                      • API String ID: 2681337867-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E094D5
                                      • IsDialogMessageW.USER32(?), ref: 00E094E9
                                      • TranslateMessage.USER32(?), ref: 00E094F7
                                      • DispatchMessageW.USER32(?), ref: 00E09501
                                      Similarity
                                      • API ID: Message$DialogDispatchPeekTranslate
                                      • String ID:
                                      • API String ID: 1266772231-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00E3749A
                                      • GetObjectW.GDI32(00000000,0000005C,?), ref: 00E374A7
                                        • Part of subcall function 00E37979: GetLocaleInfoW.KERNEL32(?,00001004,?,00000014,?), ref: 00E379AB
                                        • Part of subcall function 00E37979: TranslateCharsetInfo.GDI32(00000000,?,00000002), ref: 00E379C6
                                      • CreateFontIndirectW.GDI32(?), ref: 00E374BD
                                      • SendMessageW.USER32(?,00000030,00000000,00000000), ref: 00E374CB
                                      Similarity
                                      • API ID: InfoMessageSend$CharsetCreateFontIndirectLocaleObjectTranslate
                                      • String ID:
                                      • API String ID: 2681337867-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00E2EF1C
                                      • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000014,00E2D2E7,?,?,?), ref: 00E2EF32
                                      • GetFileTime.KERNEL32(00000000,00000000,00000000,?), ref: 00E2EF45
                                      • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00E2EF53
                                        • Part of subcall function 00DE6070: CloseHandle.KERNEL32(00000000,00000000,00E3F2AD), ref: 00DE6083
                                      Similarity
                                      • API ID: File$Time$CloseCreateH_prolog3HandleLocal
                                      • String ID:
                                      • API String ID: 1194648477-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • PeekMessageW.USER32(?,00000000,00000113,00000113,00000001), ref: 00E30D96
                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,04270001), ref: 00E30DAC
                                      • TranslateMessage.USER32(?), ref: 00E30DBA
                                      • DispatchMessageW.USER32(?), ref: 00E30DC4
                                      Similarity
                                      • API ID: Message$Peek$DispatchTranslate
                                      • String ID:
                                      • API String ID: 1795658109-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • lstrlenW.KERNEL32(00E375F7,?,?,00E375F7,?,?), ref: 00E373B1
                                      • lstrcpynW.KERNEL32(?,00E375F9,-00000001,?,00E375F7,?,?), ref: 00E373D5
                                      • lstrcpyW.KERNEL32(?,00E375F7), ref: 00E373E2
                                      • lstrcatW.KERNEL32(?,?), ref: 00E373F2
                                      Similarity
                                      • API ID: lstrcatlstrcpylstrcpynlstrlen
                                      • String ID:
                                      • API String ID: 3428934214-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E43809
                                      • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,?,000004FF), ref: 00E43822
                                      Similarity
                                      • API ID: MessageMultipleObjectsPeekWait
                                      • String ID:
                                      • API String ID: 3986374578-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • IsWindow.USER32 ref: 00E041EF
                                      • GetDlgItem.USER32(0000012D), ref: 00E04208
                                      • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00E04218
                                      • SendMessageW.USER32(00000000,00000402,?,00000000), ref: 00E04235
                                      Similarity
                                      • API ID: MessageSend$ItemWindow
                                      • String ID:
                                      • API String ID: 591194657-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • IsWindow.USER32 ref: 00E09580
                                      • GetDlgItem.USER32(0000012D), ref: 00E09599
                                      • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00E095A9
                                      • SendMessageW.USER32(00000000,00000402,?,00000000), ref: 00E095C6
                                      Similarity
                                      • API ID: MessageSend$ItemWindow
                                      • String ID:
                                      • API String ID: 591194657-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • IsWindow.USER32 ref: 00E09522
                                      • GetDlgItem.USER32(0000012D), ref: 00E0953E
                                      • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00E09550
                                      • SendMessageW.USER32(00000000,00000402,?,00000000), ref: 00E0956D
                                      Similarity
                                      • API ID: MessageSend$ItemWindow
                                      • String ID:
                                      • API String ID: 591194657-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00E4565A
                                      • GetLastError.KERNEL32(00000004,00E45E99,?,00000001), ref: 00E4567E
                                      • SetLastError.KERNEL32(?,?,?,?,?,00000001), ref: 00E456AB
                                      • SetLastError.KERNEL32(?,?,?,?,?,00000001), ref: 00E456CB
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID:
                                      • API String ID: 3502553090-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00E38863
                                        • Part of subcall function 00DF099E: __EH_prolog3.LIBCMT ref: 00DF09A5
                                        • Part of subcall function 00E3C4A5: __EH_prolog3_GS.LIBCMT ref: 00E3C4AF
                                      • SetErrorMode.KERNEL32(00008001), ref: 00E3889C
                                      • RemoveDirectoryW.KERNEL32(0000000A), ref: 00E388A5
                                      • SetErrorMode.KERNEL32(00000000), ref: 00E388B2
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorH_prolog3Mode$DirectoryH_prolog3_Remove
                                      • String ID:
                                      • API String ID: 359717666-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • FindResourceW.KERNEL32(?,?,?), ref: 00DFD205
                                      • SizeofResource.KERNEL32(?,00000000), ref: 00DFD211
                                      • LoadResource.KERNEL32(?,00000000), ref: 00DFD21D
                                      • LockResource.KERNEL32(00000000), ref: 00DFD224
                                        • Part of subcall function 00DFD07E: __EH_prolog3_GS.LIBCMT ref: 00DFD088
                                        • Part of subcall function 00DFD07E: GetWindowDC.USER32(00000000), ref: 00DFD184
                                        • Part of subcall function 00DFD07E: CreateDIBitmap.GDI32(00000000,00000000,00000004,?,00000000,00000000), ref: 00DFD19C
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: Resource$BitmapCreateFindH_prolog3_LoadLockSizeofWindow
                                      • String ID:
                                      • API String ID: 2562653723-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                      • SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                      • SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                      • SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorFreeLastString
                                      • String ID:
                                      • API String ID: 3822639702-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetDC.USER32(?), ref: 00E4F299
                                      • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00E4F2A4
                                      • GetDeviceCaps.GDI32(00000000,0000000E), ref: 00E4F2AF
                                      • ReleaseDC.USER32(?,00000000), ref: 00E4F2BB
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: CapsDevice$Release
                                      • String ID:
                                      • API String ID: 1035833867-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • SetErrorMode.KERNEL32(00008001,00000000,?,00E3890A,0000000A), ref: 00E376C5
                                      • CreateFileW.KERNEL32(00E3890A,80000000,00000000,00000000,00000003,00000080,00000000,?,00E3890A,0000000A), ref: 00E376DF
                                      • SetErrorMode.KERNEL32(00000000,?,00E3890A,0000000A), ref: 00E376EB
                                      • CloseHandle.KERNEL32(00000000,?,00E3890A,0000000A), ref: 00E376F7
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorMode$CloseCreateFileHandle
                                      • String ID:
                                      • API String ID: 1343785229-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: Window$DestroyKillTimer
                                      • String ID:
                                      • API String ID: 3408851907-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • lstrcmpiW.KERNEL32(?,hide_progress), ref: 00E05575
                                      • lstrcmpiW.KERNEL32(?,hide_splash,?,hide_progress), ref: 00E0558C
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: lstrcmpi
                                      • String ID: hide_progress$hide_splash
                                      • API String ID: 1586166983-450596345
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • SysAllocStringLen.OLEAUT32(00000000,7FFFFFFF), ref: 00DE86C5
                                      • SysFreeString.OLEAUT32(00000008), ref: 00DE872C
                                        • Part of subcall function 00DE4A40: std::_Xinvalid_argument.LIBCPMT ref: 00DE4A45
                                        • Part of subcall function 00DE4A40: SysFreeString.OLEAUT32(?), ref: 00DE4A60
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: String$Free$AllocXinvalid_argumentstd::_
                                      • String ID: Pg
                                      • API String ID: 3817557838-754130359
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00E3D44C
                                      • CompareFileTime.KERNEL32(?,00000000,?,?,?,?,PSTORES.EXE,00000000,?,?,?,00000064,00E3FD36,00E3E8F2,?), ref: 00E3D594
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: CompareFileH_prolog3Time
                                      • String ID: PSTORES.EXE
                                      • API String ID: 2703394530-1209905799
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_catch_GS.LIBCMT ref: 00DFC884
                                      • _wcslen.LIBCMT ref: 00DFC8BB
                                        • Part of subcall function 00DE6B40: GetLastError.KERNEL32(7B1078F4), ref: 00DE6B91
                                        • Part of subcall function 00DE6B40: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE6C0A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3_catch__wcslen
                                      • String ID: 0
                                      • API String ID: 1745903506-4108050209
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E2035A
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3_
                                      • String ID: Hg$Pg
                                      • API String ID: 3339191932-3911212948
                                      • Opcode ID: eaf4bfae7473f655269ae0c7fed15d3ebbe06527a4929307c64071c468f54edd
                                      • Instruction ID: bcdc13e76dd020ed2fa0980b629b8d45d2e2ca8db02aca3392c59d6246243977
                                      • Opcode Fuzzy Hash: eaf4bfae7473f655269ae0c7fed15d3ebbe06527a4929307c64071c468f54edd
                                      • Instruction Fuzzy Hash: CD512A70900228DFDF14EFA4D995BEDBBB5FF44304F1080A9E645A7282DB709A49CFA1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E32BB8
                                        • Part of subcall function 00DE6B40: GetLastError.KERNEL32(7B1078F4), ref: 00DE6B91
                                        • Part of subcall function 00DE6B40: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE6C0A
                                        • Part of subcall function 00DFF67F: __EH_prolog3_GS.LIBCMT ref: 00DFF686
                                        • Part of subcall function 00DFF67F: _wcslen.LIBCMT ref: 00DFF6C9
                                        • Part of subcall function 00DFF67F: SetLastError.KERNEL32(00000000,?,00000000), ref: 00DFF6E6
                                      • _wcslen.LIBCMT ref: 00E32C0E
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3__wcslen
                                      • String ID:
                                      • API String ID: 754474099-410699589
                                      • Opcode ID: 90415c30d31dbd3c5d4434a1726e5c296b645de04c3579e26389b70c06b98d59
                                      • Instruction ID: d83ee07f72dcae54ba0672b6ad699a848205d160e756e03f53e6c628f8a3574c
                                      • Opcode Fuzzy Hash: 90415c30d31dbd3c5d4434a1726e5c296b645de04c3579e26389b70c06b98d59
                                      • Instruction Fuzzy Hash: 7A41AE71D00268DECB14EBA8C995BEDFBB4EF01310F504299E159B3292DB706F48CB61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E3E35D
                                        • Part of subcall function 00E41289: __EH_prolog3.LIBCMT ref: 00E41290
                                        • Part of subcall function 00DF070A: __EH_prolog3.LIBCMT ref: 00DF0711
                                        • Part of subcall function 00DF070A: GetLastError.KERNEL32(00000004,00DE4709,00E965D4,?,00000000), ref: 00DF0733
                                        • Part of subcall function 00DF070A: SetLastError.KERNEL32(?,?,?), ref: 00DF0774
                                        • Part of subcall function 00DF0617: __EH_prolog3.LIBCMT ref: 00DF061E
                                        • Part of subcall function 00DF0617: GetLastError.KERNEL32(00000004,00DF0837,?,00000000,00000004,00DFB8B4,?,00000001,0000006C,00DFC2A9,?,?,.ini,Hg,%ld,?), ref: 00DF0640
                                        • Part of subcall function 00DF0617: SetLastError.KERNEL32(?,?), ref: 00DF0678
                                        • Part of subcall function 00E42370: __EH_prolog3_GS.LIBCMT ref: 00E4237A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3$H_prolog3_
                                      • String ID: Hg$Pg
                                      • API String ID: 144357098-3911212948
                                      • Opcode ID: c12776e63cc7f6f58566f190f6382e2d9f819b0c6c016da2102ad7542f8aa940
                                      • Instruction ID: ae749350c581d96f9b6a47a3d5d13420111098c071a1ea50aa84d2889bf1aea0
                                      • Opcode Fuzzy Hash: c12776e63cc7f6f58566f190f6382e2d9f819b0c6c016da2102ad7542f8aa940
                                      • Instruction Fuzzy Hash: 1E413BB08002489BDB14EFA5D946B9DBBB8EF85308F5081DEE80DA7242DB705A45CB71
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: wsprintf
                                      • String ID: %s/%s$Location
                                      • API String ID: 2111968516-42320356
                                      • Opcode ID: 174a43f0dbd3426461ca1eaf20451fcb628e6d8728d3c7a73539cd16c826679c
                                      • Instruction ID: 816e4fbd9f67ac91cacd8a9fc293de68afbb7c66d0446ca116330dc8e27643ed
                                      • Opcode Fuzzy Hash: 174a43f0dbd3426461ca1eaf20451fcb628e6d8728d3c7a73539cd16c826679c
                                      • Instruction Fuzzy Hash: E3311C72900219AFDB14EF54CC45FDAB7F8FB04714F0485AAF519A7191DE74AA84CF90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E3E24A
                                        • Part of subcall function 00E41289: __EH_prolog3.LIBCMT ref: 00E41290
                                        • Part of subcall function 00DF070A: __EH_prolog3.LIBCMT ref: 00DF0711
                                        • Part of subcall function 00DF070A: GetLastError.KERNEL32(00000004,00DE4709,00E965D4,?,00000000), ref: 00DF0733
                                        • Part of subcall function 00DF070A: SetLastError.KERNEL32(?,?,?), ref: 00DF0774
                                        • Part of subcall function 00DF0617: __EH_prolog3.LIBCMT ref: 00DF061E
                                        • Part of subcall function 00DF0617: GetLastError.KERNEL32(00000004,00DF0837,?,00000000,00000004,00DFB8B4,?,00000001,0000006C,00DFC2A9,?,?,.ini,Hg,%ld,?), ref: 00DF0640
                                        • Part of subcall function 00DF0617: SetLastError.KERNEL32(?,?), ref: 00DF0678
                                        • Part of subcall function 00E42370: __EH_prolog3_GS.LIBCMT ref: 00E4237A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3$H_prolog3_
                                      • String ID: Hg$Pg
                                      • API String ID: 144357098-3911212948
                                      • Opcode ID: 5c3a13d74afdacf40e226b92262c8d48438b3cc0fa63117d5d22fc84deed7cfa
                                      • Instruction ID: edbd8fb0f48082a06c5045f5cf670079ad72bbbd872a367a9d36a30197d61ed9
                                      • Opcode Fuzzy Hash: 5c3a13d74afdacf40e226b92262c8d48438b3cc0fa63117d5d22fc84deed7cfa
                                      • Instruction Fuzzy Hash: 1D3169708012589ADB14EFA4D846B9DBFB8EF55304F5050DEA80D77252DB705A85CBB1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00DEEF40
                                      • LoadLibraryA.KERNEL32(00000000), ref: 00DEEF98
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: DirectoryLibraryLoadSystem
                                      • String ID: api-ms-win-core-
                                      • API String ID: 1175261203-1285793476
                                      • Opcode ID: baf81cf00616cfcd64d85035df86aac47c73ceaf6d72e3bf498d533cb409dc31
                                      • Instruction ID: b63369aef75af1f9e5bf7f569228f34608e3eb08b8d9600487b315e60288e711
                                      • Opcode Fuzzy Hash: baf81cf00616cfcd64d85035df86aac47c73ceaf6d72e3bf498d533cb409dc31
                                      • Instruction Fuzzy Hash: 53213A315046949FDB30EB36D848BDA7BE49F55300F580899D4C9EB181CBB0ADC8CB60
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: H_prolog3_
                                      • String ID: Hg$Hg
                                      • API String ID: 2427045233-3115353047
                                      • Opcode ID: 445e873ad177af4d574647d33aac0a5c10c7b07429c216e17bb84966f2191543
                                      • Instruction ID: 1762ea6fa25df54584b120d1dfcf2262069cc3db7a23f68f8ff450f1c9ed2778
                                      • Opcode Fuzzy Hash: 445e873ad177af4d574647d33aac0a5c10c7b07429c216e17bb84966f2191543
                                      • Instruction Fuzzy Hash: 4021B131D0124C9BCF04EAE4D894AEDB779EF44314F298228E911A72C1DB749E46CB61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E42777
                                        • Part of subcall function 00DF0617: __EH_prolog3.LIBCMT ref: 00DF061E
                                        • Part of subcall function 00DF0617: GetLastError.KERNEL32(00000004,00DF0837,?,00000000,00000004,00DFB8B4,?,00000001,0000006C,00DFC2A9,?,?,.ini,Hg,%ld,?), ref: 00DF0640
                                        • Part of subcall function 00DF0617: SetLastError.KERNEL32(?,?), ref: 00DF0678
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3H_prolog3_
                                      • String ID: Hg$Pg
                                      • API String ID: 852442433-3911212948
                                      • Opcode ID: a66fe836271ebfcc8a335a7ecba625ce0aa267f80d5bafd07cfad93f5827c588
                                      • Instruction ID: 0f4db0318e71bb80cbce35ce62ffa196d87c53b1dbef911ff7b1c32accc5701c
                                      • Opcode Fuzzy Hash: a66fe836271ebfcc8a335a7ecba625ce0aa267f80d5bafd07cfad93f5827c588
                                      • Instruction Fuzzy Hash: 16219470900248DBCB04EF60D856BDDBFB8AF54344F50905EF50AAB292DB749A85CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • _wcslen.LIBCMT ref: 00E3AD6C
                                      • _wcslen.LIBCMT ref: 00E3AD92
                                        • Part of subcall function 00DE8130: SysAllocStringLen.OLEAUT32(00000000,?), ref: 00DE81BE
                                        • Part of subcall function 00DE8130: SysFreeString.OLEAUT32(?), ref: 00DE81EE
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: String_wcslen$AllocFree
                                      • String ID: Ho
                                      • API String ID: 3085376587-3117934875
                                      • Opcode ID: 5004ff08aad3583ab72170f2ae10236f31e3dc8311e77f04520a465476f65584
                                      • Instruction ID: 7ef4bc2eb9d5defa10b60003b5e68cff4a19995c25a5c2118242886965d03a38
                                      • Opcode Fuzzy Hash: 5004ff08aad3583ab72170f2ae10236f31e3dc8311e77f04520a465476f65584
                                      • Instruction Fuzzy Hash: 8B21F7B5600B009FCB18DF2AC4919A6B7E8FF88650311456EEC4ADB705EB70FD01CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E3EF0D
                                        • Part of subcall function 00DF45E2: __EH_prolog3_GS.LIBCMT ref: 00DF45EC
                                        • Part of subcall function 00DF4265: __EH_prolog3_GS.LIBCMT ref: 00DF426F
                                        • Part of subcall function 00DFBA06: __EH_prolog3.LIBCMT ref: 00DFBA0D
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                        • Part of subcall function 00DF5510: __EH_prolog3_GS.LIBCMT ref: 00DF5517
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: H_prolog3_$ErrorFreeLastString$H_prolog3
                                      • String ID: Hg$Pg
                                      • API String ID: 2838087192-3911212948
                                      • Opcode ID: c6f581caa314faa83eb0604ebf6db142a0d23004ed25c43abc796e7fe286e98f
                                      • Instruction ID: 1c6262d94f8756c97ab51ba14667df818cb1ce46d9b5828eac9da1dbfb271fdd
                                      • Opcode Fuzzy Hash: c6f581caa314faa83eb0604ebf6db142a0d23004ed25c43abc796e7fe286e98f
                                      • Instruction Fuzzy Hash: C2219271901288EBDB11FBA0DD86BEDBBA8EF54304F148199F545B7282DBB49B08C731
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E1F6A7
                                        • Part of subcall function 00DF0809: __EH_prolog3.LIBCMT ref: 00DF0810
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: H_prolog3H_prolog3_
                                      • String ID: Hg$Pg
                                      • API String ID: 3355343447-3911212948
                                      • Opcode ID: 8a27f207abe221a357e4dd8f39b9266182eb0c18d30f0b383d900994938eb691
                                      • Instruction ID: 34dac62a121567a5ca8d2748322e1c0202821151519543cb8a839cdecb36885e
                                      • Opcode Fuzzy Hash: 8a27f207abe221a357e4dd8f39b9266182eb0c18d30f0b383d900994938eb691
                                      • Instruction Fuzzy Hash: 142150B1D01218DBDB20DFA5D9857DDBB74EF40758F24511AE45177282C7745F05CBA0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E020BC
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                        • Part of subcall function 00DFC19E: __EH_prolog3.LIBCMT ref: 00DFC1A5
                                        • Part of subcall function 00DFC203: __EH_prolog3_GS.LIBCMT ref: 00DFC20D
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Similarity
                                      • API ID: ErrorH_prolog3_Last$H_prolog3
                                      • String ID: Hg$Pg
                                      • API String ID: 3076002782-3911212948
                                      • Opcode ID: 5f07dff4f50fa15dd8956be9641ea4e6f2ee6144c73a5384da6c678a93a2cfcd
                                      • Instruction ID: 069acdc3d2fef3a7d9710133e72fa828ada4d216b08f00797bb47e3a3dbeff12
                                      • Opcode Fuzzy Hash: 5f07dff4f50fa15dd8956be9641ea4e6f2ee6144c73a5384da6c678a93a2cfcd
                                      • Instruction Fuzzy Hash: 47219D30901258DFCF14EBA4DC9ABCEB7B4EF51304F1445A9E101B7292DBB49A49CB62
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_catch.LIBCMT ref: 00E1F307
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                        • Part of subcall function 00E0850F: __set_se_translator.LIBVCRUNTIME ref: 00E0851D
                                        • Part of subcall function 00DFC824: __EH_prolog3.LIBCMT ref: 00DFC82B
                                        • Part of subcall function 00DF40BE: SysStringLen.OLEAUT32(?), ref: 00DF40C7
                                        • Part of subcall function 00DF40BE: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 00DF40E2
                                      • _wcslen.LIBCMT ref: 00E1F3BA
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLastString$AllocH_prolog3H_prolog3_catch__set_se_translator_wcslen
                                      • String ID: InstallLocation
                                      • API String ID: 521156242-779285727
                                      • Opcode ID: a380af2c32c4633f679af138bb28373050b051651bdb003a73b9bdc480de5e47
                                      • Instruction ID: 3b68b288deb545657ed9b484984b06fbb0e883043f373ddb219f8dce97f9314d
                                      • Opcode Fuzzy Hash: a380af2c32c4633f679af138bb28373050b051651bdb003a73b9bdc480de5e47
                                      • Instruction Fuzzy Hash: BC114270900209DFDF01EF98C996AEDBBF4EF84704F159059E105BB292CBB59A45CBB1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • VirtualQuery.KERNEL32(80000000,?,0000001C,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00E38DD9
                                      • GetSystemInfo.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00E38DF4
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: InfoQuerySystemVirtual
                                      • String ID: D
                                      • API String ID: 401686933-2746444292
                                      • Opcode ID: 41613c6b1e723d9c72856f89b85a6cae7f7a703fe6926c01334e34a517778ef0
                                      • Instruction ID: 15caff59b6edf66a4603876d65cca0051a6189ae6716c49d737c9048013ed98b
                                      • Opcode Fuzzy Hash: 41613c6b1e723d9c72856f89b85a6cae7f7a703fe6926c01334e34a517778ef0
                                      • Instruction Fuzzy Hash: 2801D4326006096BCB14DE2ADC09BDE7BA9AFD4328F0CC225BD19EA140EA74DD05C780
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00E41290
                                        • Part of subcall function 00E41188: __EH_prolog3.LIBCMT ref: 00E4118F
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                        • Part of subcall function 00DF070A: __EH_prolog3.LIBCMT ref: 00DF0711
                                        • Part of subcall function 00DF070A: GetLastError.KERNEL32(00000004,00DE4709,00E965D4,?,00000000), ref: 00DF0733
                                        • Part of subcall function 00DF070A: SetLastError.KERNEL32(?,?,?), ref: 00DF0774
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Pg
                                      • API String ID: 3502553090-3911212948
                                      • Opcode ID: a8e42d9f7042d4b955c65c2309a2f92d0a7042d0b074f59af45fef89d06f6795
                                      • Instruction ID: 95b89ca6ca88f52807db6f051a18ba23569f47372a32452646b4e4c620da5a29
                                      • Opcode Fuzzy Hash: a8e42d9f7042d4b955c65c2309a2f92d0a7042d0b074f59af45fef89d06f6795
                                      • Instruction Fuzzy Hash: 5C115BB19013049FC711DF64C4827AABBF8FF44304F60459EE199A7242DB70AA05CB61
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00E4724A
                                        • Part of subcall function 00DF0617: __EH_prolog3.LIBCMT ref: 00DF061E
                                        • Part of subcall function 00DF0617: GetLastError.KERNEL32(00000004,00DF0837,?,00000000,00000004,00DFB8B4,?,00000001,0000006C,00DFC2A9,?,?,.ini,Hg,%ld,?), ref: 00DF0640
                                        • Part of subcall function 00DF0617: SetLastError.KERNEL32(?,?), ref: 00DF0678
                                        • Part of subcall function 00E47178: __EH_prolog3_GS.LIBCMT ref: 00E4717F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorH_prolog3Last$H_prolog3_
                                      • String ID: Hg$Pg
                                      • API String ID: 2324316964-3911212948
                                      • Opcode ID: 2f2b8db0ef6b8c4e757d9b1247435e12d67bf567d670ca8c4a59456ab1fdf682
                                      • Instruction ID: 88944bd7a49d1757b3e755d8667b1f58d807d04fb5061160dfa8262129f98d73
                                      • Opcode Fuzzy Hash: 2f2b8db0ef6b8c4e757d9b1247435e12d67bf567d670ca8c4a59456ab1fdf682
                                      • Instruction Fuzzy Hash: 6301B9B0610208ABCF04FFA0D5426ED7BACEF85348F10156EB9556B392DBB09A49C7B5
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E23082
                                      • CloseHandle.KERNEL32(000000FF,00000084,00E23337,00000004,00E3295B,@o,80000000,00000001,00000080,00000003,00000000,00000000,?,00000000,00000084,00E41F8A), ref: 00E230BA
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: CloseH_prolog3_Handle
                                      • String ID: @o
                                      • API String ID: 3893559359-2309464794
                                      • Opcode ID: d5423b1ddb5dd01068ddbadfeeb12b68d8561313f668ef4cdf75f17b081d4ae2
                                      • Instruction ID: da1b8c9fd5cd51a90dd2fee238d7a2b25621be0b41ce6e7a8b3308e78f3adb5d
                                      • Opcode Fuzzy Hash: d5423b1ddb5dd01068ddbadfeeb12b68d8561313f668ef4cdf75f17b081d4ae2
                                      • Instruction Fuzzy Hash: 0101C0316017109FDB289B30DC45FAAB3E5BF00725F10AA1CA26AB28D1CBB4A945CF10
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Strings
                                      • {%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}, xrefs: 00E0A90A
                                      • Pg, xrefs: 00E0A8BD
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: H_prolog3
                                      • String ID: Pg${%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}
                                      • API String ID: 431132790-243881395
                                      • Opcode ID: 54c93761b2206c22566a8c642e9fc65627b9db92552c6c3c91f1b3d93be13d75
                                      • Instruction ID: 6417db9077a5238aaf7cd3c9ad93cdd58805f8b96044717710992520c7b88948
                                      • Opcode Fuzzy Hash: 54c93761b2206c22566a8c642e9fc65627b9db92552c6c3c91f1b3d93be13d75
                                      • Instruction Fuzzy Hash: 640184A54041946EC751DB994815B7ABFEC9B09319F2880CAB1D8E90C2C27FC643DB30
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E0044D
                                      • FindWindowExW.USER32(000000FD,00000000,IsPrqHook,-00000004), ref: 00E0049B
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: FindH_prolog3_Window
                                      • String ID: IsPrqHook
                                      • API String ID: 3116559289-843352308
                                      • Opcode ID: f1887457849eed9430c91460bf8fe6eccc8962488447c2801d952d0194634dcc
                                      • Instruction ID: 4b017b7111dca7caaa2110f531ce3d2f831d86f3afde1800b18b6a892aba9da1
                                      • Opcode Fuzzy Hash: f1887457849eed9430c91460bf8fe6eccc8962488447c2801d952d0194634dcc
                                      • Instruction Fuzzy Hash: 6701B171A012149FCB18DFA8D9856AD7BA0BB44320F24036DE42AB73E2DB705E46CB54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00E20677
                                        • Part of subcall function 00DE60A0: GetLastError.KERNEL32(?,?,?,?,00DE4914,?,00000000), ref: 00DE60C0
                                        • Part of subcall function 00DE60A0: SetLastError.KERNEL32(?,?,?,?,?,00DE4914,?,00000000), ref: 00DE60F7
                                        • Part of subcall function 00DFC824: __EH_prolog3.LIBCMT ref: 00DFC82B
                                        • Part of subcall function 00DF40BE: SysStringLen.OLEAUT32(?), ref: 00DF40C7
                                        • Part of subcall function 00DF40BE: SysReAllocStringLen.OLEAUT32(?,00000001,?), ref: 00DF40E2
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorH_prolog3LastString$Alloc
                                      • String ID: Pg$VersionString
                                      • API String ID: 418699023-2891573939
                                      • Opcode ID: 90b6bccd5b1d607b48ffbe48ef799a809b47c198d1ce4f51f56222dab0360072
                                      • Instruction ID: fb5339d595592e5e0d383e9412af80d6a26604a7683110d5a5c4f744b4e010cb
                                      • Opcode Fuzzy Hash: 90b6bccd5b1d607b48ffbe48ef799a809b47c198d1ce4f51f56222dab0360072
                                      • Instruction Fuzzy Hash: FA01DBB1911208AFDB04EF94C99ABEEBBB8EF55305F109059E105AB252CB749E04CBB1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • _wcslen.LIBCMT ref: 00E0CD82
                                        • Part of subcall function 00E37E26: lstrcpyW.KERNEL32(00000400,00E965D4), ref: 00E37E5F
                                        • Part of subcall function 00E37E26: lstrcpyW.KERNEL32(00000000,00E965D4), ref: 00E37E67
                                        • Part of subcall function 00E37E26: wsprintfW.USER32 ref: 00E37F13
                                        • Part of subcall function 00E38A94: lstrcpyW.KERNEL32(?,?), ref: 00E38AC7
                                        • Part of subcall function 00E38A94: lstrcpyW.KERNEL32(?,00000001), ref: 00E38AD5
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: lstrcpy$_wcslenwsprintf
                                      • String ID: 4.70.0.1300$WinInet.dll
                                      • API String ID: 193831729-898075288
                                      • Opcode ID: 82c2b565d0f58b4a504b5d15ece8f78fbfff844a1d9de9f68564ddbb26dfa73b
                                      • Instruction ID: e607da1778ae22b9fe9301a7b9a2a01c4f8ea363cf470ec4dc898e36a4466009
                                      • Opcode Fuzzy Hash: 82c2b565d0f58b4a504b5d15ece8f78fbfff844a1d9de9f68564ddbb26dfa73b
                                      • Instruction Fuzzy Hash: BFF0C2B2600305ABD720ABA5DD47DAB77FC9F89704F10116EFB01F31C1DA74AA09C665
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00DFF366
                                        • Part of subcall function 00DE77F0: GetLastError.KERNEL32(7B1078F4,?,00000000), ref: 00DE7834
                                        • Part of subcall function 00DE77F0: SetLastError.KERNEL32(00000000,?,?,00000000), ref: 00DE7906
                                      • _wcslen.LIBCMT ref: 00DFF390
                                        • Part of subcall function 00DFF5D2: __EH_prolog3.LIBCMT ref: 00DFF5D9
                                        • Part of subcall function 00DFF5D2: GetLastError.KERNEL32(00000004,00DFF3AB,00000000,00000001,?,00000000,Pg,00000001,0000006C,00E1DB94,?,00000000,00E88190,?,00E88190,00000000), ref: 00DFF5FB
                                        • Part of subcall function 00DFF5D2: SetLastError.KERNEL32(?,?), ref: 00DFF62F
                                        • Part of subcall function 00DFF643: __EH_prolog3.LIBCMT ref: 00DFF64A
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$FreeH_prolog3String$H_prolog3__wcslen
                                      • String ID: Pg
                                      • API String ID: 4033237631-754130359
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E04D25
                                        • Part of subcall function 00E0619E: __EH_prolog3.LIBCMT ref: 00E061A5
                                        • Part of subcall function 00E0619E: GetLastError.KERNEL32(00000004,00E04D5A,00000001,?,?,00000000,00000040,00E08851,00E200D0,?,?,?,00000000,0000003C,00E089F8,?), ref: 00E061C7
                                        • Part of subcall function 00E0619E: SetLastError.KERNEL32(?,?,?,00000000,?,?,00000000,0000003C,00E089F8,?,00000022,000000A4,00E3E644,00E200D0,00000001,00000000), ref: 00E06201
                                        • Part of subcall function 00DF0809: __EH_prolog3.LIBCMT ref: 00DF0810
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$FreeH_prolog3String$H_prolog3_
                                      • String ID: Hg$Pg
                                      • API String ID: 117023860-3911212948
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetProcAddress.KERNEL32(?,RunISMSISetup), ref: 00DFE17D
                                      • GetLastError.KERNEL32 ref: 00DFE187
                                      Strings
                                      Similarity
                                      • API ID: AddressErrorLastProc
                                      • String ID: RunISMSISetup
                                      • API String ID: 199729137-1536503584
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E3ADB0
                                        • Part of subcall function 00DF0617: __EH_prolog3.LIBCMT ref: 00DF061E
                                        • Part of subcall function 00DF0617: GetLastError.KERNEL32(00000004,00DF0837,?,00000000,00000004,00DFB8B4,?,00000001,0000006C,00DFC2A9,?,?,.ini,Hg,%ld,?), ref: 00DF0640
                                        • Part of subcall function 00DF0617: SetLastError.KERNEL32(?,?), ref: 00DF0678
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$FreeString$H_prolog3H_prolog3_
                                      • String ID: @o$Ho
                                      • API String ID: 2488494826-3574598281
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • ShowWindow.USER32(00000001,00000005,?,00000004,Pg,00E4B15D,00000000), ref: 00E4CE86
                                      • InvalidateRect.USER32(00000001,00000000,00000001), ref: 00E4CE98
                                      Strings
                                      Similarity
                                      • API ID: InvalidateRectShowWindow
                                      • String ID: Pg
                                      • API String ID: 518433929-754130359
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E38A05
                                        • Part of subcall function 00DFC203: __EH_prolog3_GS.LIBCMT ref: 00DFC20D
                                      • SendDlgItemMessageW.USER32(00000000,?,0000000C,00000000,?), ref: 00E38A37
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Similarity
                                      • API ID: ErrorFreeH_prolog3_LastString$ItemMessageSend
                                      • String ID: `=
                                      • API String ID: 2041248303-370013431
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3_GS.LIBCMT ref: 00E410C8
                                        • Part of subcall function 00DF0617: __EH_prolog3.LIBCMT ref: 00DF061E
                                        • Part of subcall function 00DF0617: GetLastError.KERNEL32(00000004,00DF0837,?,00000000,00000004,00DFB8B4,?,00000001,0000006C,00DFC2A9,?,?,.ini,Hg,%ld,?), ref: 00DF0640
                                        • Part of subcall function 00DF0617: SetLastError.KERNEL32(?,?), ref: 00DF0678
                                        • Part of subcall function 00DE4CC0: GetLastError.KERNEL32(00000000,00E965D4,00DE8AFB), ref: 00DE4CCF
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(00500800), ref: 00DE4CE5
                                        • Part of subcall function 00DE4CC0: SysFreeString.OLEAUT32(0000002C), ref: 00DE4CF4
                                        • Part of subcall function 00DE4CC0: SetLastError.KERNEL32(?), ref: 00DE4D16
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$FreeString$H_prolog3H_prolog3_
                                      • String ID: Hg$Pg
                                      • API String ID: 2488494826-3911212948
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                        • Part of subcall function 00DE4AD0: InitializeCriticalSectionEx.KERNEL32(00000000,00000000,00000000,00E3970C,00E965D4,?,00EB1F64,?,?,?,00E965D4,00DE8AA9,00E965D4,00000000), ref: 00DE4AD5
                                        • Part of subcall function 00DE4AD0: GetLastError.KERNEL32(?,?,00E965D4,00DE8AA9,00E965D4,00000000), ref: 00DE4ADF
                                      • IsDebuggerPresent.KERNEL32(00E965D4,?,00EB1F64,?,?,?,00E965D4,00DE8AA9,00E965D4,00000000), ref: 00E39710
                                      • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,00E965D4,00DE8AA9,00E965D4,00000000), ref: 00E3971F
                                      Strings
                                      • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00E3971A
                                      Similarity
                                      • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                      • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                      • API String ID: 3511171328-631824599
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • std::_Xinvalid_argument.LIBCPMT ref: 00DE4A45
                                        • Part of subcall function 00E3969D: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00E396A9
                                      • SysFreeString.OLEAUT32(?), ref: 00DE4A60
                                      Strings
                                      Similarity
                                      • API ID: FreeStringXinvalid_argumentstd::_std::invalid_argument::invalid_argument
                                      • String ID: string too long
                                      • API String ID: 2544861613-2556327735
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE40F7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Name
                                      • API String ID: 3502553090-2540194944
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE20E7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$TimestampRFC3161
                                      • API String ID: 3502553090-956469608
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE40B7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/VSIConverter/Prereqs/Prereq$Hg
                                      • API String ID: 3502553090-2173617787
                                      • Opcode ID: 5e4227e1b21a625841e48c72ab310c3af9ad3553194a51f582116dd98b316de4
                                      • Instruction ID: c38b44705e148cd8cdd02353d9c4a98d2b5986bec032d842764cf0f70d59b2ae
                                      • Opcode Fuzzy Hash: 5e4227e1b21a625841e48c72ab310c3af9ad3553194a51f582116dd98b316de4
                                      • Instruction Fuzzy Hash: 39D0A77064030166DA24B264680BF4CA568DB40720F903166B35C762C38FA54601D335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE20A7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Timestamp
                                      • API String ID: 3502553090-2812648704
                                      • Opcode ID: cc9ba2744c0bc150a2c1e7cb4abc1f8736850caeb56a9155d663506d51f1c75d
                                      • Instruction ID: d12a197359440f6ccccc23c722ad7282af8de03fcda875cf77c4e1cac992b150
                                      • Opcode Fuzzy Hash: cc9ba2744c0bc150a2c1e7cb4abc1f8736850caeb56a9155d663506d51f1c75d
                                      • Instruction Fuzzy Hash: DBD0A7B46803416ADA10B6B4184BF8DE6589B40B10FA022A5B258B62D39FA49A00D339
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE4077
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      • Hg, xrefs: 00DE4081
                                      • DevStudio/VSIConverter/Prereqs/Prereq[@Name="%s"]/ISPrereqs/ISPrereq, xrefs: 00DE4087
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/VSIConverter/Prereqs/Prereq[@Name="%s"]/ISPrereqs/ISPrereq$Hg
                                      • API String ID: 3502553090-4201787016
                                      • Opcode ID: a56d144746a45ad9e710585803bb6b398bb4837a77c8ec7a4c571f0295f89206
                                      • Instruction ID: 0d0a5ae351dcf317b94d24e0e2c3948f2239b68fec0dfa5c8c1efeb57d3de26d
                                      • Opcode Fuzzy Hash: a56d144746a45ad9e710585803bb6b398bb4837a77c8ec7a4c571f0295f89206
                                      • Instruction Fuzzy Hash: 01D0A77064030166DA14B264680BF4CA568DB40B10F90616AF318761C3CFA14601C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2067
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      • Hg, xrefs: 00DE2071
                                      • DevStudio/Build/DigitalSignature[@TimestampRFC3161], xrefs: 00DE2077
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/Build/DigitalSignature[@TimestampRFC3161]$Hg
                                      • API String ID: 3502553090-2249932453
                                      • Opcode ID: 2a4f42707c8db5cc3365bcb53186b1eb8c19dc8faba0ee71c717a42da5b41ed1
                                      • Instruction ID: 471e6bfc5fac19327bec75e8a843e1e3ebdda444d6a41b879e53086f92ab9805
                                      • Opcode Fuzzy Hash: 2a4f42707c8db5cc3365bcb53186b1eb8c19dc8faba0ee71c717a42da5b41ed1
                                      • Instruction Fuzzy Hash: 3BD0A7B064030066DA10B778280BF4DA5589B80B10F9022A57258B62D38FA48600C736
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE4037
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Value
                                      • API String ID: 3502553090-426063123
                                      • Opcode ID: 36cfeff34b98e09a330515b4b13b1cc68f7b221acd57f0182f8f69442c20aa5a
                                      • Instruction ID: 31c63410102af19acf225dcdb896c90790201cba8396a1e524ffa035ab10b1a4
                                      • Opcode Fuzzy Hash: 36cfeff34b98e09a330515b4b13b1cc68f7b221acd57f0182f8f69442c20aa5a
                                      • Instruction Fuzzy Hash: 67D0A77064430566D624B2606807F4DA9A8DB80710F906165F358762D38FE14600C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE21D7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Url
                                      • API String ID: 3502553090-3009693149
                                      • Opcode ID: 3331af464e9ae5d708f05f7cdc8a18f0d69319e6e06011a83335bad4abdefa23
                                      • Instruction ID: 11243094a1227344b6327beb13dc905b02e0fce08733f8bde414e9a22a7db46b
                                      • Opcode Fuzzy Hash: 3331af464e9ae5d708f05f7cdc8a18f0d69319e6e06011a83335bad4abdefa23
                                      • Instruction Fuzzy Hash: 54D0C7706443457AD614B6B46807F9DE5A49B80B10F9161A5B359762D39FA44700C736
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE41F7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: FlashBB$Hg
                                      • API String ID: 3502553090-3398151595
                                      • Opcode ID: 8f7ebf1a91f14a2dad7f9b5a360860aa768b3744529d4da8f77542b73156a6e6
                                      • Instruction ID: acecece6da32c4e4509df5bf2f95670254a50ee8ee074939560b61f802975d03
                                      • Opcode Fuzzy Hash: 8f7ebf1a91f14a2dad7f9b5a360860aa768b3744529d4da8f77542b73156a6e6
                                      • Instruction Fuzzy Hash: 53D0A7706403026EC614F360A80BF9CB954DB41710F9021947398B61C78FA04600C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2197
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Name
                                      • API String ID: 3502553090-2540194944
                                      • Opcode ID: fc8449c12fbf99f4c52b239c98115a7c509f1bcbc6a3fb48c73ffe7b3787be92
                                      • Instruction ID: 788f6a1bb9a64d77cb8a50929ac3edc8ca50109413c14f2bc01aa5895dad7e58
                                      • Opcode Fuzzy Hash: fc8449c12fbf99f4c52b239c98115a7c509f1bcbc6a3fb48c73ffe7b3787be92
                                      • Instruction Fuzzy Hash: 12D0A77064034066DB14B2756807F8CA594AB80B10F9062E4F258B62D38FE04600C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE41B7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      • Hg, xrefs: 00DE41C1
                                      • DevStudio/ISMobile/MobileDevices/MobileDevice[@Mask="%d"]/UnsupportedPlatforms/Platform, xrefs: 00DE41C7
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/ISMobile/MobileDevices/MobileDevice[@Mask="%d"]/UnsupportedPlatforms/Platform$Hg
                                      • API String ID: 3502553090-3215768293
                                      • Opcode ID: 1cbc498d1be2b62c724ea5c33cfb4650ce1ac18c4272493e52f71ab4c411e300
                                      • Instruction ID: d912c692919d6049914f10febefdd8387bb19e60dcd38a1875198838d39cc32f
                                      • Opcode Fuzzy Hash: 1cbc498d1be2b62c724ea5c33cfb4650ce1ac18c4272493e52f71ab4c411e300
                                      • Instruction Fuzzy Hash: A0D0A770640301BADA14B3B4280BF4CA558DB40B10F902169B359B62C28FE44A00C336
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2157
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/Build/WPMRedistributable$Hg
                                      • API String ID: 3502553090-1373873627
                                      • Opcode ID: 2019f17480ecbe4a79355fd1f9d1ebedab4391eecdd2d56b56402c61e3261759
                                      • Instruction ID: 92aed6dd664c9642eef7c87fbf92703ceb4280c48dce61380f54472eada2b567
                                      • Opcode Fuzzy Hash: 2019f17480ecbe4a79355fd1f9d1ebedab4391eecdd2d56b56402c61e3261759
                                      • Instruction Fuzzy Hash: 5FD0A774A40304AAD610B2742807F9DA9589B40B10F9021A5F218B62D38FA14A00C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE4177
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/ISXML/Encodings/Encoding$Hg
                                      • API String ID: 3502553090-3411491761
                                      • Opcode ID: a759f5c477b57a6cdf8bedab110799d59b1f5d9f7438ec48bc2dfb4a604ca9fe
                                      • Instruction ID: 61e038cb52324ffecbea4294b51276d405132d5f25a6b9f221fe4a4144bf8835
                                      • Opcode Fuzzy Hash: a759f5c477b57a6cdf8bedab110799d59b1f5d9f7438ec48bc2dfb4a604ca9fe
                                      • Instruction Fuzzy Hash: B5D0A770A403016ADA18B2A42807FADA658DB80710F902559B35CB62C38FA04600C339
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE4137
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Default$Hg
                                      • API String ID: 3502553090-1205740301
                                      • Opcode ID: 3d5702b93eec06280e0e14dbaaf03c3a1e2b1b2347069296accad311121d8219
                                      • Instruction ID: 6cbee0133d6b4f013526ab5195d6161244fb23ccfe9f3ebbdbc26d07a55bd9ca
                                      • Opcode Fuzzy Hash: 3d5702b93eec06280e0e14dbaaf03c3a1e2b1b2347069296accad311121d8219
                                      • Instruction Fuzzy Hash: 0FD0C7B064434566DA14B7646D1BF5DE968EB40720F907669F25D762C29FB04600C739
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE22D7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      • Hg, xrefs: 00DE22E1
                                      • DevStudio/IDE/Workspaces/ScriptDialog/IS_ScriptDialog, xrefs: 00DE22E7
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/IDE/Workspaces/ScriptDialog/IS_ScriptDialog$Hg
                                      • API String ID: 3502553090-3486424785
                                      • Opcode ID: ba3c1dd29ecd775af753fffea25ac6d18da57300aeee343c5129573ff08e82c4
                                      • Instruction ID: 90a22e2a422828facff01876e91a23056131335a065b17991254b6e00f6ec818
                                      • Opcode Fuzzy Hash: ba3c1dd29ecd775af753fffea25ac6d18da57300aeee343c5129573ff08e82c4
                                      • Instruction Fuzzy Hash: E0D0C7706447157AD614B7745847F9DB664DB40B10F906295B299B61C3DFA04600C739
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE42F7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: FlashBB$Hg
                                      • API String ID: 3502553090-3398151595
                                      • Opcode ID: 2ba29fe8f397f2defcac13f3682ccc6b62921600d9bf366ade590a10e46d5118
                                      • Instruction ID: 1b7e0711c51e612407b1dcae34e88706df07eb6d76ab50b4fab91e4f96fbad11
                                      • Opcode Fuzzy Hash: 2ba29fe8f397f2defcac13f3682ccc6b62921600d9bf366ade590a10e46d5118
                                      • Instruction Fuzzy Hash: 89D0C7A06413456ADA15F7A4684BF9DF568DB40720F9061947259B61C79FA04601C736
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2297
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Color$Hg
                                      • API String ID: 3502553090-3939950995
                                      • Opcode ID: 11bd582e67c97fa024635d33ddf31e74da6734c637508c8664aa8383d43f2485
                                      • Instruction ID: 417104bafabddb26d66f54a3e2a9f922be3b49cc0b865a6e287a78b902475dfb
                                      • Opcode Fuzzy Hash: 11bd582e67c97fa024635d33ddf31e74da6734c637508c8664aa8383d43f2485
                                      • Instruction Fuzzy Hash: 73D0C774A453057AD714B7B8680BF5DB5549B80B10F9071D4765D761D38FA04A00C735
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE42B7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$IS_BBRD_LOOP_BILLBOARDS
                                      • API String ID: 3502553090-1006699862
                                      • Opcode ID: 0c2d9e701e0a4fd4fd802a469d7a1c8a79118fc4af27a97c73fd0f11f21dcab8
                                      • Instruction ID: 24e7bc1f70b9279b395c93b30b60ddd85b4374363d4fff2bfcfbc9e0be0fb05c
                                      • Opcode Fuzzy Hash: 0c2d9e701e0a4fd4fd802a469d7a1c8a79118fc4af27a97c73fd0f11f21dcab8
                                      • Instruction Fuzzy Hash: 5DD0A7606417456AC614B370680BF8CE554DB40714F906164B259B62C3CFA04600C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2257
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Path
                                      • API String ID: 3502553090-3256859017
                                      • Opcode ID: aae3e3f0fee30059b97ec443d6e90c7d29b406123e84edaf5c5f2bce0738f4e8
                                      • Instruction ID: 8060e8b547feea8186dc5719f456a548779b14ea2eff2edc7b061e8420d04587
                                      • Opcode Fuzzy Hash: aae3e3f0fee30059b97ec443d6e90c7d29b406123e84edaf5c5f2bce0738f4e8
                                      • Instruction Fuzzy Hash: 18D0C77468430576DA14B6746807F9DA6689B80B20F906294F29D761D3CFA09600D735
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE4277
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: FlashBB$Hg
                                      • API String ID: 3502553090-3398151595
                                      • Opcode ID: c80e9670362b6ca9caf224122479ebbdad71f40fe7c576fad4f9dbfbaa81060c
                                      • Instruction ID: 77590e3f34242fe7b65391750cd05d9b694a41a22b010b632a86a35e1e552a4d
                                      • Opcode Fuzzy Hash: c80e9670362b6ca9caf224122479ebbdad71f40fe7c576fad4f9dbfbaa81060c
                                      • Instruction Fuzzy Hash: 8ED0A7706403067AD614B370680BF8CB554DB40720F907155B259B61C7DFA04A01C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2217
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/Scanners/DotNetExclusionList$Hg
                                      • API String ID: 3502553090-1226892410
                                      • Opcode ID: 7979b232806d809295dec28aab64579488d8bc97a58830223e726046fea8d5d5
                                      • Instruction ID: 78bddede0af6d1ea8086cfb0360028679ee0266680179097042733e810092be1
                                      • Opcode Fuzzy Hash: 7979b232806d809295dec28aab64579488d8bc97a58830223e726046fea8d5d5
                                      • Instruction Fuzzy Hash: 25D0C770644305B6DA14B7B46907F5DA5549B80B20F906294B259761D38FA04600C739
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE4237
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$IS_BBRD_LOOP_BILLBOARDS
                                      • API String ID: 3502553090-1006699862
                                      • Opcode ID: 0c60caaddf169e1c5dda14d8acccbf6bd3398d0cf003f814608053bb91c26c2b
                                      • Instruction ID: 69d756ac184996fde476ee12e894ec9eacd897a8e2149da74c932479a7749800
                                      • Opcode Fuzzy Hash: 0c60caaddf169e1c5dda14d8acccbf6bd3398d0cf003f814608053bb91c26c2b
                                      • Instruction Fuzzy Hash: 19D0C7746447467AD624B7646817F5DA954DF41B10F906154B359762C39FE04600C735
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE43D7
                                        • Part of subcall function 00DF070A: __EH_prolog3.LIBCMT ref: 00DF0711
                                        • Part of subcall function 00DF070A: GetLastError.KERNEL32(00000004,00DE4709,00E965D4,?,00000000), ref: 00DF0733
                                        • Part of subcall function 00DF070A: SetLastError.KERNEL32(?,?,?), ref: 00DF0774
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorH_prolog3Last
                                      • String ID: Hg$INSTMSIA.EXE
                                      • API String ID: 685212868-3015064611
                                      • Opcode ID: 4b8455fadeaa96863855e188b1e8f917812574315c534e931da53c4464d5d3f2
                                      • Instruction ID: db0a915de087278e3105f911794e3c5077e2198b3a95278b1db087a494f448dd
                                      • Opcode Fuzzy Hash: 4b8455fadeaa96863855e188b1e8f917812574315c534e931da53c4464d5d3f2
                                      • Instruction Fuzzy Hash: F7D0C77174130676DA24B6A46857F9DEE68EB80710F506294F358761C39FA04A01C735
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE4397
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Setup.INI
                                      • API String ID: 3502553090-1360610087
                                      • Opcode ID: 2d43cc1be3a3ce30a246e6635d15a328ee233a86a998786fe35af6553611b7c2
                                      • Instruction ID: 46dedbf6083ce7b66fd4f7cde1b95ea19d1e1945e0df8849cf92e7a003390c8a
                                      • Opcode Fuzzy Hash: 2d43cc1be3a3ce30a246e6635d15a328ee233a86a998786fe35af6553611b7c2
                                      • Instruction Fuzzy Hash: 9CD0A77064030566CA20F2B47847F8DB964DB80710F9021E4B218B61C39FA04A01C735
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2397
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Hidden
                                      • API String ID: 3502553090-760434363
                                      • Opcode ID: 11955c6d4af3d009f0b221b7c27c2eef59e730087dbd947c24c2af019ec211ca
                                      • Instruction ID: 12bdbca116a93a5badaec82a722959e3676dc43c231cb6b514b0834b9461d28e
                                      • Opcode Fuzzy Hash: 11955c6d4af3d009f0b221b7c27c2eef59e730087dbd947c24c2af019ec211ca
                                      • Instruction Fuzzy Hash: F3D0A73064430166DA14B278680BF8DE554ABC0B10F9072F4B268762C38FE08740C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2357
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: FaceName$Hg
                                      • API String ID: 3502553090-3130869708
                                      • Opcode ID: b8d511aa9256a6c43e6675f38044fabfab9915f374ac059790f46ab00b85c8d0
                                      • Instruction ID: 3a901d7c28354d261e9bcfe614507ea701cd2449d474a99c0b0adc294014d62b
                                      • Opcode Fuzzy Hash: b8d511aa9256a6c43e6675f38044fabfab9915f374ac059790f46ab00b85c8d0
                                      • Instruction Fuzzy Hash: 3ED0C7746543057AD624B6746817F5DB6549B80B20F9061D4F269761D39FA04A01C735
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2317
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DisplayName$Hg
                                      • API String ID: 3502553090-594745838
                                      • Opcode ID: 8f7e3b45854afcfc3c092f0e978e02b76621dff5cf2ccc348fb996bf8b90fb58
                                      • Instruction ID: cb01e0104b829b15aecc53db346a3ef71b478b74dd72543c4c9e084b5290637c
                                      • Opcode Fuzzy Hash: 8f7e3b45854afcfc3c092f0e978e02b76621dff5cf2ccc348fb996bf8b90fb58
                                      • Instruction Fuzzy Hash: ABD0C77074530576DA14B6B4585FF9DA9549B40B11F906195B659B62C3CFA04600C735
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE4337
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$IS_BBRD_LOOP_BILLBOARDS
                                      • API String ID: 3502553090-1006699862
                                      • Opcode ID: 4c439a5d70dae2975db757f18adcf48bcf80190d608029af055205d8b48b48c9
                                      • Instruction ID: f91baa13ab298aec2917f0b2c3b83ee5bdd9cf8320d8361fca280663c3921524
                                      • Opcode Fuzzy Hash: 4c439a5d70dae2975db757f18adcf48bcf80190d608029af055205d8b48b48c9
                                      • Instruction Fuzzy Hash: 7BD0A7706403067ACA20B360680BF8DE558EB40710F9061A4B21C762C3CFA44600C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE44D7
                                        • Part of subcall function 00DF070A: __EH_prolog3.LIBCMT ref: 00DF0711
                                        • Part of subcall function 00DF070A: GetLastError.KERNEL32(00000004,00DE4709,00E965D4,?,00000000), ref: 00DF0733
                                        • Part of subcall function 00DF070A: SetLastError.KERNEL32(?,?,?), ref: 00DF0774
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorH_prolog3Last
                                      • String ID: Hg$Setting.INI
                                      • API String ID: 685212868-1632685983
                                      • Opcode ID: b053a25e8231d9f3a6aed412deaef6ea03fb099663a07bb9556777243402d38b
                                      • Instruction ID: 457135e4cb5e6cc22ca17e4706bb96f031d455547e35ba9802b22e6102720210
                                      • Opcode Fuzzy Hash: b053a25e8231d9f3a6aed412deaef6ea03fb099663a07bb9556777243402d38b
                                      • Instruction Fuzzy Hash: 9BD0A770240345B6DE14B2A07847F9CEA54DF40B10F506294B319762C3DFA04900C739
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2497
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$ScriptMSIOnly
                                      • API String ID: 3502553090-1027941527
                                      • Opcode ID: bf745a975b72fdb0a385b07e28c130682cad76eade15705bc305a7d02f117aaf
                                      • Instruction ID: 37b3960b4f015859690711c4eb5b479f88755e886b6bba3a2a0bf03fed2428c5
                                      • Opcode Fuzzy Hash: bf745a975b72fdb0a385b07e28c130682cad76eade15705bc305a7d02f117aaf
                                      • Instruction Fuzzy Hash: 85D0A730A443026ACB24B3B4284FF9DA558DB80B10F9031D4B268B62C38FE04600C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE4497
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: .MST$Hg
                                      • API String ID: 3502553090-3079468813
                                      • Opcode ID: 2c39df76cb273afefad05a0994eda6bdd0fd7a19a975091194515c7248792aa4
                                      • Instruction ID: c84bcb36bba4210ee0e6565f417e52fbc1a8eaffcecf7811e668e0eda06c5bd5
                                      • Opcode Fuzzy Hash: 2c39df76cb273afefad05a0994eda6bdd0fd7a19a975091194515c7248792aa4
                                      • Instruction Fuzzy Hash: E1D0A7706407126ACA20B274680BF9DA968DB40710F906194B218B61C39FF14A00C735
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2457
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Name
                                      • API String ID: 3502553090-2540194944
                                      • Opcode ID: 7d4de8f2b75d739a1cd65d9f1b38307d0b055d673fac6218974c8786fc1aec46
                                      • Instruction ID: 18253a2052d38adf1f36d2c319baf5226fd471385937a1eff9e7cfdc9df5482e
                                      • Opcode Fuzzy Hash: 7d4de8f2b75d739a1cd65d9f1b38307d0b055d673fac6218974c8786fc1aec46
                                      • Instruction Fuzzy Hash: 1AD0A73068430066D620B6746847F8CA5549B80B10F9062E5F2A8B62C38FE44600C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE4457
                                        • Part of subcall function 00DF070A: __EH_prolog3.LIBCMT ref: 00DF0711
                                        • Part of subcall function 00DF070A: GetLastError.KERNEL32(00000004,00DE4709,00E965D4,?,00000000), ref: 00DF0733
                                        • Part of subcall function 00DF070A: SetLastError.KERNEL32(?,?,?), ref: 00DF0774
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorH_prolog3Last
                                      • String ID: Hg$MSIEXEC.EXE
                                      • API String ID: 685212868-623801348
                                      • Opcode ID: 878645eab3f65548a2c8c7a85c08d7bf9903fd0d72f05c9996d85e3712bed755
                                      • Instruction ID: a5babd926f7f65dab9c919569b6df17b6c2c8957e46bb7593c1adb71024747a8
                                      • Opcode Fuzzy Hash: 878645eab3f65548a2c8c7a85c08d7bf9903fd0d72f05c9996d85e3712bed755
                                      • Instruction Fuzzy Hash: ACD0A77064030676DA20B6B45807F9DEA58DB80710F5062D8F328761C39FA04A00C635
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2417
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Lang
                                      • API String ID: 3502553090-4165121764
                                      • Opcode ID: 6134801d7f039f52cba613058ee37c3c695bbdcaf62c9bc317fa48f13bb033a4
                                      • Instruction ID: f9ccecf80e8af5eeceec1221cc67658088ae1a20b5303b3f055ca20c779feb9f
                                      • Opcode Fuzzy Hash: 6134801d7f039f52cba613058ee37c3c695bbdcaf62c9bc317fa48f13bb033a4
                                      • Instruction Fuzzy Hash: E5D0A7306443066ACA24B2B4184FF9DA5589B80B10F9022E4B258762C38FE04640C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE4417
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$INSTMSIW.EXE
                                      • API String ID: 3502553090-1544969729
                                      • Opcode ID: 91262b4b2561f5ac12a36ddfc0b1a87904be5f1e20e4fc665da140da1b7ebcab
                                      • Instruction ID: fa369efe1cd982d6e4ecab0cc29cfd856a91842c2382cc9ddbca7beb3a3aed6d
                                      • Opcode Fuzzy Hash: 91262b4b2561f5ac12a36ddfc0b1a87904be5f1e20e4fc665da140da1b7ebcab
                                      • Instruction Fuzzy Hash: 71D0A77068030166DE20B6A07847F9DA954EB80710FE022A4B21C761C3DFA04600C736
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE25D7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/Build/Warnings$Hg
                                      • API String ID: 3502553090-1795248847
                                      • Opcode ID: bb807f33c73753ff72d8497c740c9d5ceed9fb5d448032c5b61bd2da74b7e2b0
                                      • Instruction ID: a320a8ede060d99f9d764fd5389d1d61bad01fe2e5fa0e5b13b337bdedaf1e39
                                      • Opcode Fuzzy Hash: bb807f33c73753ff72d8497c740c9d5ceed9fb5d448032c5b61bd2da74b7e2b0
                                      • Instruction Fuzzy Hash: BCD0A7706403026ED614F7B45807F8DE5989B40B10F9021E5B29ABA2D28FA04600C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE45D7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: FlashBB$Hg
                                      • API String ID: 3502553090-3398151595
                                      • Opcode ID: 8a3c166e8d2fd40eb73ff21ed33798a27e78c29b07cb65cccc65f7479ee620f9
                                      • Instruction ID: a6dbe3098a39524f5cfc69e850a59c584296bb4bcdb4eab197c70bc372ed621f
                                      • Opcode Fuzzy Hash: 8a3c166e8d2fd40eb73ff21ed33798a27e78c29b07cb65cccc65f7479ee620f9
                                      • Instruction Fuzzy Hash: 4CD0A7707403066ACA14B7A06847F8CA658DB40710F9022A4B369761C79FA04600C339
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2597
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      • DevStudio/IDE/Workspaces/ScriptDialog/IS_ScriptTextStyle, xrefs: 00DE25A7
                                      • Hg, xrefs: 00DE25A1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/IDE/Workspaces/ScriptDialog/IS_ScriptTextStyle$Hg
                                      • API String ID: 3502553090-2360548899
                                      • Opcode ID: ff2b786a99e26144b22b5c7fe3f99fa4801e23a954657dd4e1990e4cd06b3824
                                      • Instruction ID: 87958f952deb58e24535af36106d0a2ee871f0f17dcdd32c6a8cdc44971df192
                                      • Opcode Fuzzy Hash: ff2b786a99e26144b22b5c7fe3f99fa4801e23a954657dd4e1990e4cd06b3824
                                      • Instruction Fuzzy Hash: 02D0C7746453057ADB18B7B4584FF9DA554EBC0B10FD065E4B29BB61C3DFA44600C735
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE4597
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$IS_BBRD_LOOP_BILLBOARDS
                                      • API String ID: 3502553090-1006699862
                                      • Opcode ID: 74776dbe3998dd838b51ba153d0d69c8e1f8e727adb498a653d1fc6e84c65da5
                                      • Instruction ID: ee461af8eb1702fbcf7f56c24a160df9ac789c49823fd727a2a4463f9f40edb8
                                      • Opcode Fuzzy Hash: 74776dbe3998dd838b51ba153d0d69c8e1f8e727adb498a653d1fc6e84c65da5
                                      • Instruction Fuzzy Hash: 76D0A760A403066ACA14F3606847F5DA958DB40B10F906194B25D762C3DFA04600C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2557
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$StyleBits
                                      • API String ID: 3502553090-2787004771
                                      • Opcode ID: 3e1d4c1974ffcd676d4be1d152b410ecbd94b9c9468686b435de310edb9d0395
                                      • Instruction ID: d74815a7fa755cbe28c448e581d1a8593c022617f671624377eb2a90ad3012f5
                                      • Opcode Fuzzy Hash: 3e1d4c1974ffcd676d4be1d152b410ecbd94b9c9468686b435de310edb9d0395
                                      • Instruction Fuzzy Hash: 0CD0C774A443057AD714B6B47847F9DF9589BC0B20F906294F259762D78FE08600C735
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE4557
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: FlashBB$Hg
                                      • API String ID: 3502553090-3398151595
                                      • Opcode ID: e52e68952c919276610b4cd7b8c6fa26eb728847e77e4b8e2549618f2e73066a
                                      • Instruction ID: 6f4832090379ff8bf4ed38330add1d419f6152b3d909a48cb097f380c30dc7e3
                                      • Opcode Fuzzy Hash: e52e68952c919276610b4cd7b8c6fa26eb728847e77e4b8e2549618f2e73066a
                                      • Instruction Fuzzy Hash: AFD0A7606403066ACA14B3606847F8DAA68DB40710F907194736D761C79FA04601C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2517
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Size
                                      • API String ID: 3502553090-1049302764
                                      • Opcode ID: 7595c392bd3fc27199204bd5a38de80131454c56d55ef61d3fa0dd7dfb74a85c
                                      • Instruction ID: f2a13e8912a637d0861ed6c9cd98e07acaf5025f6583cb44b918b20e66df7640
                                      • Opcode Fuzzy Hash: 7595c392bd3fc27199204bd5a38de80131454c56d55ef61d3fa0dd7dfb74a85c
                                      • Instruction Fuzzy Hash: E0D0A7706403017ADA14B2B8280BF9CB5549BC0B10F9021A4B65D762C38FE04601C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE4517
                                        • Part of subcall function 00DF070A: __EH_prolog3.LIBCMT ref: 00DF0711
                                        • Part of subcall function 00DF070A: GetLastError.KERNEL32(00000004,00DE4709,00E965D4,?,00000000), ref: 00DF0733
                                        • Part of subcall function 00DF070A: SetLastError.KERNEL32(?,?,?), ref: 00DF0774
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorH_prolog3Last
                                      • String ID: Hg$setup.isn
                                      • API String ID: 685212868-608664241
                                      • Opcode ID: 9902b8d938630e720e700224958d14e2caff2949c2a4fb02d75bded747015a3c
                                      • Instruction ID: 455a0fa92c87eef2d116eef57b2aef36fc84042f84415265a776886a0b5740fa
                                      • Opcode Fuzzy Hash: 9902b8d938630e720e700224958d14e2caff2949c2a4fb02d75bded747015a3c
                                      • Instruction Fuzzy Hash: B8D0A7B164031576CA14B2742807F5CEE64DB40B10F507694B318761C7EFA04900C739
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE26D7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      • Hg, xrefs: 00DE26E1
                                      • DevStudio/Build/DirectoryReferences/Reference, xrefs: 00DE26E7
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/Build/DirectoryReferences/Reference$Hg
                                      • API String ID: 3502553090-981270987
                                      • Opcode ID: 9480afcdb79b2e3b95a23fc5b7b3a90d9978195e4a4a9c43bf3cbf736a50193b
                                      • Instruction ID: 1d94cec5ca8902b0d96845a35e3569cbc2a06048dd6f230503c099bfae417534
                                      • Opcode Fuzzy Hash: 9480afcdb79b2e3b95a23fc5b7b3a90d9978195e4a4a9c43bf3cbf736a50193b
                                      • Instruction Fuzzy Hash: 44D0A7706803016ADA14B2B4185BF9CE5589B40B10F9062A47299762C2CFB04604C735
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2697
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Timeout
                                      • API String ID: 3502553090-1753734656
                                      • Opcode ID: 40dadd933fab73870ed8b27b190af0dd19b3899502f39d9b4d061a1b38cbf96a
                                      • Instruction ID: 193e987db0531a038991094cfda323bfbe5db07d815f4055b294dead14f3657f
                                      • Opcode Fuzzy Hash: 40dadd933fab73870ed8b27b190af0dd19b3899502f39d9b4d061a1b38cbf96a
                                      • Instruction Fuzzy Hash: A5D0A77068130166D624B2B4580BF5CE9589B40B20F9022A4B659762C3CFA04701C73A
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE4697
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$IS_BBRD_LOOP_BILLBOARDS
                                      • API String ID: 3502553090-1006699862
                                      • Opcode ID: dd1063e40d54bc82c32087442fb3cfe6940cce6e68c04bf798f546bd8ecf529f
                                      • Instruction ID: 1087afef9f49eecd8b970fd5c5c1e6daa7d5a372de870c9f678bfbd46d613601
                                      • Opcode Fuzzy Hash: dd1063e40d54bc82c32087442fb3cfe6940cce6e68c04bf798f546bd8ecf529f
                                      • Instruction Fuzzy Hash: 75D0A7607503056AC714B7606817F4CA594DB40710F902264F318B62C38FE04600C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2657
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/Build/ComExtraction$Hg
                                      • API String ID: 3502553090-2941699223
                                      • Opcode ID: 35e72686ddc09e8eae89061b64ba78f8fc28b9c8923a3c8b0cb763c72f0c2b8b
                                      • Instruction ID: 155b2b7aeeac0b0aa45872c0cc2660afbf1d0adc904ffe966201ce5f16275a57
                                      • Opcode Fuzzy Hash: 35e72686ddc09e8eae89061b64ba78f8fc28b9c8923a3c8b0cb763c72f0c2b8b
                                      • Instruction Fuzzy Hash: 52D0A7706803016ADA14F6B41847F8CEA589B40B10F9021A5B299B62C28FA04600C736
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE4657
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: FlashBB$Hg
                                      • API String ID: 3502553090-3398151595
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2617
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Disable$Hg
                                      • API String ID: 3502553090-2491268807
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE4617
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$IS_BBRD_LOOP_BILLBOARDS
                                      • API String ID: 3502553090-1006699862
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE27D7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Drop$Hg
                                      • API String ID: 3502553090-1766930186
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2797
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/Build/EmptyTableDisposition$Hg
                                      • API String ID: 3502553090-1466915723
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2757
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Table
                                      • API String ID: 3502553090-4064010849
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2717
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Column$Hg
                                      • API String ID: 3502553090-955273454
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE28D7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: CabFileSubFolder$Hg
                                      • API String ID: 3502553090-2768137427
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2897
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/Build/EmptyTableDisposition/*$Hg
                                      • API String ID: 3502553090-902488156
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2857
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Ref:
                                      • API String ID: 3502553090-2458819029
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2817
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Keep
                                      • API String ID: 3502553090-45841037
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE29D7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$IniSection
                                      • API String ID: 3502553090-733762743
                                      • Opcode ID: 381ae6c0210a9fe2debacbbabaa0ec6a160eb96b7b9beb7d5c1c9058b69ffb27
                                      • Instruction ID: cd8a9698615b135f8053f2adbb187a0440c20c2a090e3497f3c76dcba2e01941
                                      • Opcode Fuzzy Hash: 381ae6c0210a9fe2debacbbabaa0ec6a160eb96b7b9beb7d5c1c9058b69ffb27
                                      • Instruction Fuzzy Hash: FAD0A7306403056ED614F2B4180BF9DF5589B40B10F9021A47259762D6CFA04600C736
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2997
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$IniFile
                                      • API String ID: 3502553090-3249619198
                                      • Opcode ID: 37d3b31f2df7462aad25fd999b94d48755b39958131a6ee65e48a8780088feb6
                                      • Instruction ID: 8b1bd7d27aa407bce66b946cc821554df898c1489d8b3705f2ce7f9cbcfe8e51
                                      • Opcode Fuzzy Hash: 37d3b31f2df7462aad25fd999b94d48755b39958131a6ee65e48a8780088feb6
                                      • Instruction Fuzzy Hash: 43D0A7306403056ADB14B274180BF5CF558EB80B10F9022B5B258762C78FB04600D736
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2957
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: FindWhat$Hg
                                      • API String ID: 3502553090-1587664067
                                      • Opcode ID: 24505ef49295504f260ae03ec8b70410d83f32b2d22e35779af25ab591cf7798
                                      • Instruction ID: 4706b0a1f73f5b9e422bd7969bf0c8ebc0e6237d1576136fc44bcc3816cacf3e
                                      • Opcode Fuzzy Hash: 24505ef49295504f260ae03ec8b70410d83f32b2d22e35779af25ab591cf7798
                                      • Instruction Fuzzy Hash: A6D0A7746403046AD624B2B45807F5DA5649B40B10FD031A5B258B61D3CFA14A00C376
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2917
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DisplayName$Hg
                                      • API String ID: 3502553090-594745838
                                      • Opcode ID: e094c5d13ae289b9dc4de3d3ba821b9d6cc27160a6dd82d4c7448defd76dd871
                                      • Instruction ID: 7d69ac06725431aee05172778300b275a66aa6517b688865476f7c7b899adf2c
                                      • Opcode Fuzzy Hash: e094c5d13ae289b9dc4de3d3ba821b9d6cc27160a6dd82d4c7448defd76dd871
                                      • Instruction Fuzzy Hash: B4D0C77074530566DA14B674691FF9DE958EB40B51F906294B259762C3CFB05A00C736
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2AD7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$PathVar
                                      • API String ID: 3502553090-58128687
                                      • Opcode ID: 328c6a3a9167ad997b546ed8d6fb2dc4942b05c6d3cfdbe15d3746d3ff8f8470
                                      • Instruction ID: ab4af1951b629806e1b6f6c2dd4d6b9ebb4e0cea08125827d45416822f90d47e
                                      • Opcode Fuzzy Hash: 328c6a3a9167ad997b546ed8d6fb2dc4942b05c6d3cfdbe15d3746d3ff8f8470
                                      • Instruction Fuzzy Hash: 04D0C7706413166ADA14B7B85C1BF9DF568DB40B10FA061A5B359761C3CFA14601D735
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2A97
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Name
                                      • API String ID: 3502553090-2540194944
                                      • Opcode ID: 12494b687c20ef8e74a26f703f125ce9301604c0ab7f606ea4765dc8991dbadd
                                      • Instruction ID: e87399c6979aba10f497aa45ce71ea50dc0be635a54079afd545d6334cba09ee
                                      • Opcode Fuzzy Hash: 12494b687c20ef8e74a26f703f125ce9301604c0ab7f606ea4765dc8991dbadd
                                      • Instruction Fuzzy Hash: 5CD0A73074430566D610B274680BF9CE658DBC0B10F9061A5B31C762C38FE04600C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2A57
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Mask
                                      • API String ID: 3502553090-3055874486
                                      • Opcode ID: ad1b4cc405818ec1f129adf9d0c4b29f26c3be29e775ae4ca93ecfc315940475
                                      • Instruction ID: 0c98770107a93fd0c1c1409144d7cb0df2cc42bc647b58eefd899a3380d86be7
                                      • Opcode Fuzzy Hash: ad1b4cc405818ec1f129adf9d0c4b29f26c3be29e775ae4ca93ecfc315940475
                                      • Instruction Fuzzy Hash: 6ED0A7306403016AD614B2741807F4CE9589B40B10F9021A9F258762C3CFA04A00C736
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2A17
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$IniValue
                                      • API String ID: 3502553090-1518909757
                                      • Opcode ID: 66052121854b69945a3fc09f3038aba7dfbafcbe8c41a8fb42276aecc945d4d1
                                      • Instruction ID: a69cf1604fdef37f18eea6ab67c55a68348db3e1af8e0de014bb0264ac2c9429
                                      • Opcode Fuzzy Hash: 66052121854b69945a3fc09f3038aba7dfbafcbe8c41a8fb42276aecc945d4d1
                                      • Instruction Fuzzy Hash: 97D0A7706403046BEA14B2B42807F5CF568EB40B50F9063A4B218B62C6CFA04600D73A
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2BD7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$ReplaceWith
                                      • API String ID: 3502553090-3764847301
                                      • Opcode ID: 31be5c1c04b1af48578e1e2ed7ae734a86ec4f4e674565d6faedfb7ce2935b48
                                      • Instruction ID: 12a4a44d6bbc24f76c557957e4a94771a08ffd9563949e5b2f48c2bc9d9b90e6
                                      • Opcode Fuzzy Hash: 31be5c1c04b1af48578e1e2ed7ae734a86ec4f4e674565d6faedfb7ce2935b48
                                      • Instruction Fuzzy Hash: 12D0A7706403066AD610B2B45807F9DE5649B40B10F9061A5735DB71C38FB54A00D335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2B97
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$RegName
                                      • API String ID: 3502553090-2737016446
                                      • Opcode ID: 5fbc293e9e46182fd69fa8e276c3f384ee3b4d7f031749cc71921da301e70935
                                      • Instruction ID: 28bd1f658685f9d0664a0a23b74430bc185ff07a4671fafd55d226e29bc6de5c
                                      • Opcode Fuzzy Hash: 5fbc293e9e46182fd69fa8e276c3f384ee3b4d7f031749cc71921da301e70935
                                      • Instruction Fuzzy Hash: 03D0A73064030566DA10B2B8280BF9DE568AB84B10F9022A5B358761C38FA04600C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2B57
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$RegKey
                                      • API String ID: 3502553090-3902384563
                                      • Opcode ID: 5a5d03215a20f0ee1771a7d46ded02ab9ddc496c80ea509ecb99ce5303acd4b9
                                      • Instruction ID: df891a2ff75c114d99a01303df28b91277124742d1aa5326b79a48a3c06cde71
                                      • Opcode Fuzzy Hash: 5a5d03215a20f0ee1771a7d46ded02ab9ddc496c80ea509ecb99ce5303acd4b9
                                      • Instruction Fuzzy Hash: 71D0A73464030176D610B2B4180BF9CF5789B40B10F9021A5B318771C38FE04600C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2B17
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$ProductCode
                                      • API String ID: 3502553090-4235289593
                                      • Opcode ID: 19187a565dfbe64143b7312e51b96eea00f22c47b63f46bbd382c675d1e4ae25
                                      • Instruction ID: 3bc1823ac7e650a97e54c691b15592d6766b15e2233934750ba200b6a5c40441
                                      • Opcode Fuzzy Hash: 19187a565dfbe64143b7312e51b96eea00f22c47b63f46bbd382c675d1e4ae25
                                      • Instruction Fuzzy Hash: 87D0A77064030466C620B274180BF8CE5649B40B60FA02294B359761C38FA04601C339
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2CD7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      • DevStudio/ISMobile/MobileRedists/MobileRedist, xrefs: 00DE2CE7
                                      • Hg, xrefs: 00DE2CE1
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/ISMobile/MobileRedists/MobileRedist$Hg
                                      • API String ID: 3502553090-1786309049
                                      • Opcode ID: 4fc6f5a91cd0776cf0b64f56e64727100b94a047a019c29c7ee63d7cf564cac2
                                      • Instruction ID: b536b28abef6f551599074fc6519165914d72a188814111e1fa5b5927f2d8380
                                      • Opcode Fuzzy Hash: 4fc6f5a91cd0776cf0b64f56e64727100b94a047a019c29c7ee63d7cf564cac2
                                      • Instruction Fuzzy Hash: 19D0A7706403016AD610B3B42807F9DA6589B40B10F9061A4B258762C2CFA05600C735
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2C97
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      • Hg, xrefs: 00DE2CA1
                                      • DevStudio/ISMobile/MobileRedistPaths/MobileRedistPath, xrefs: 00DE2CA7
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/ISMobile/MobileRedistPaths/MobileRedistPath$Hg
                                      • API String ID: 3502553090-1938671633
                                      • Opcode ID: 26a0b6bbc57629330fa9dce2a6961ecb5f0534b1268269bc1071195e617e3d47
                                      • Instruction ID: 11fe3f2be41864b6e645c3f264f5a295755f87434f053db2b5d302db4d08698d
                                      • Opcode Fuzzy Hash: 26a0b6bbc57629330fa9dce2a6961ecb5f0534b1268269bc1071195e617e3d47
                                      • Instruction Fuzzy Hash: C6D0A73064130466D614B778280BF5CA668DB80B10F9021A4721C762C6CFA04700C736
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2C57
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      • Hg, xrefs: 00DE2C61
                                      • DevStudio/ISMobile/MobileDevices/MobileDevice, xrefs: 00DE2C67
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/ISMobile/MobileDevices/MobileDevice$Hg
                                      • API String ID: 3502553090-1493285097
                                      • Opcode ID: e009bac8aa7e2503744d9f7b0158253691459e5724a07abbd2c609fd110c7a92
                                      • Instruction ID: 4167b5a116bc4397d755bc31b9bb0bf20ded9382a75e7729a132d6c0522e24ff
                                      • Opcode Fuzzy Hash: e009bac8aa7e2503744d9f7b0158253691459e5724a07abbd2c609fd110c7a92
                                      • Instruction Fuzzy Hash: 9BD0A77064170466D620B3741807F5CE9589B40B20F9021A5B258762C2CFA04600C736
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2C17
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$SourceFolder
                                      • API String ID: 3502553090-3540808571
                                      • Opcode ID: 9fbb6a338a21d095ce9d53a8fa87e304ab7d5675bf46fd446a89458209847eb1
                                      • Instruction ID: 28ff847f379d941fce8c30b9e0d613ef492495d8fa9c6f567581e9794604b25a
                                      • Opcode Fuzzy Hash: 9fbb6a338a21d095ce9d53a8fa87e304ab7d5675bf46fd446a89458209847eb1
                                      • Instruction Fuzzy Hash: 2ED0A770640301AADE10B2B41807F8CA5749B40B10F9022B5B219762D3CFA44A00D335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2DD7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: BuildMin$Hg
                                      • API String ID: 3502553090-4228016849
                                      • Opcode ID: e9a83a309b6a86ee4f284f061868850dc3a961ff4222ec3ea3da5b014c590bcf
                                      • Instruction ID: e944b63063569cde8f6bc9710df8385354636389d54ccc67f382096588b010c2
                                      • Opcode Fuzzy Hash: e9a83a309b6a86ee4f284f061868850dc3a961ff4222ec3ea3da5b014c590bcf
                                      • Instruction Fuzzy Hash: 35D0A7306803017AD614B2B4680BF8DE654DB80B10F9062A4F259761D38FB44A01C735
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2D97
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: BuildMax$Hg
                                      • API String ID: 3502553090-736745616
                                      • Opcode ID: da34d25720e9073f3967e54a1b814c2abb3b5f96cfd2eacaa373461d89cdf849
                                      • Instruction ID: 924476e64d8423dbc512355d50161e07e153b25e63024b4589df305739d16c44
                                      • Opcode Fuzzy Hash: da34d25720e9073f3967e54a1b814c2abb3b5f96cfd2eacaa373461d89cdf849
                                      • Instruction Fuzzy Hash: 00D0A7706403047ADA14B274680BF4CA558AB40B10F9021B4B318761C3CFA04A00C736
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2D57
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/IDE/Workspaces/WINNT10SERVERS/OS$Hg
                                      • API String ID: 3502553090-1644288658
                                      • Opcode ID: 6af2602be4968265d14f94047cc20bfadb7a7885eac06510973142de29e4000a
                                      • Instruction ID: f55e739b72e94de344441da5a415e1d5aaeb689c09e698ea20d4917e53b3a28c
                                      • Opcode Fuzzy Hash: 6af2602be4968265d14f94047cc20bfadb7a7885eac06510973142de29e4000a
                                      • Instruction Fuzzy Hash: 95D0A73468030176D614B6B4380BF5DB568DB40B10F9021A4F258761C38FA04600C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2D17
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      • DevStudio/ISMobile/MobileRedists/MobileRedist[@Name="%s"]/ShortCabFileNames/ShortCabFileExt, xrefs: 00DE2D27
                                      • Hg, xrefs: 00DE2D21
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/ISMobile/MobileRedists/MobileRedist[@Name="%s"]/ShortCabFileNames/ShortCabFileExt$Hg
                                      • API String ID: 3502553090-3909887329
                                      • Opcode ID: bf4fb4573634a1978713f1d5dee1e0075e2a7c2d75ac360b18b036d49201ad74
                                      • Instruction ID: 58f60d41e331f8eb4d2fb174a59620ad55b4d8fa4224f341b92621625fd62edb
                                      • Opcode Fuzzy Hash: bf4fb4573634a1978713f1d5dee1e0075e2a7c2d75ac360b18b036d49201ad74
                                      • Instruction Fuzzy Hash: 01D0A77464030176D620B7B4280BF4DA5589B40B10F9021A4B259762C28FA04B00C339
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2ED7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: ColumnDelimiter$Hg
                                      • API String ID: 3502553090-4095330383
                                      • Opcode ID: fc46d25d3835be6160ef25ff794fcef1b10e1563d55d0c39d276dcb0cdfc41d6
                                      • Instruction ID: 449c40570a411879bb3dc2a3cd12b6f0a024f6f78f516f7469e43912aba62f19
                                      • Opcode Fuzzy Hash: fc46d25d3835be6160ef25ff794fcef1b10e1563d55d0c39d276dcb0cdfc41d6
                                      • Instruction Fuzzy Hash: C2D0A730640311AAD614B2785807FDCB5589B40B10F9061947258762C3CFA04A40C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2E97
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      • Hg, xrefs: 00DE2EA1
                                      • DevStudio/IDE/Workspaces/SQLScripts/DBImport_BulkCopyProp, xrefs: 00DE2EA7
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/IDE/Workspaces/SQLScripts/DBImport_BulkCopyProp$Hg
                                      • API String ID: 3502553090-3177597692
                                      • Opcode ID: 6f3caa161a4ba2ccf6bb77dea408d6b9c8f79466468fba0f10bb4bc8e3ef95ed
                                      • Instruction ID: 764b402846821a13a4c8214489b1a492bc674008a92fe3b3ed84d15cda2be9bd
                                      • Opcode Fuzzy Hash: 6f3caa161a4ba2ccf6bb77dea408d6b9c8f79466468fba0f10bb4bc8e3ef95ed
                                      • Instruction Fuzzy Hash: BAD0A730A403056AD614B6B8580BF9CA9589B80B10F9061A4B218762C38FA04A00C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2E57
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$WINNT_OS_BUILD_NUMBERS
                                      • API String ID: 3502553090-2174830367
                                      • Opcode ID: 0d883749dc397b7a7c0992b074e4c7bafff120733fe503abf8c60f7994542a09
                                      • Instruction ID: 3ae59024accf3bbe41c0d21c645701f7b94221e0b458696ba71ebfd2c2573249
                                      • Opcode Fuzzy Hash: 0d883749dc397b7a7c0992b074e4c7bafff120733fe503abf8c60f7994542a09
                                      • Instruction Fuzzy Hash: 58D0A734680301BAD624B274680BF5CB564DB40B10F9021A4F258761C39FA44A01C739
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2FD7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Name
                                      • API String ID: 3502553090-2540194944
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2F97
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DefaultValue$Hg
                                      • API String ID: 3502553090-311568929
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2F57
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      • Hg, xrefs: 00DE2F61
                                      • DevStudio/IDE/Workspaces/SQLScripts/DBImport_ColumnType, xrefs: 00DE2F67
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/IDE/Workspaces/SQLScripts/DBImport_ColumnType$Hg
                                      • API String ID: 3502553090-3854917331
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE2F17
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$RowDelimiter
                                      • API String ID: 3502553090-3846352356
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE30D7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: AdoCxnAdditional$Hg
                                      • API String ID: 3502553090-3478295291
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE10F7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: FlashBB$Hg
                                      • API String ID: 3502553090-3398151595
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE3097
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      • Hg, xrefs: 00DE30A1
                                      • DevStudio/IDE/Workspaces/SQLScripts/IS_MetaData, xrefs: 00DE30A7
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/IDE/Workspaces/SQLScripts/IS_MetaData$Hg
                                      • API String ID: 3502553090-1528970459
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE3057
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Type
                                      • API String ID: 3502553090-1167418799
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE1077
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: FlashBB$Hg
                                      • API String ID: 3502553090-3398151595
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE3017
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Nullable
                                      • API String ID: 3502553090-525782422
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE31D7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: AdoCxnPort$Hg
                                      • API String ID: 3502553090-3034929937
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE11F7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: FlashBB$Hg
                                      • API String ID: 3502553090-3398151595
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE3197
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: AdoCxnNetLibrary$Hg
                                      • API String ID: 3502553090-1259192797
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE11B7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$IS_BBRD_LOOP_BILLBOARDS
                                      • API String ID: 3502553090-1006699862
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE3157
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: AdoCxnDriver$Hg
                                      • API String ID: 3502553090-2378634597
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE1177
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: FlashBB$Hg
                                      • API String ID: 3502553090-3398151595
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE3117
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: AdoCxnDatabase$Hg
                                      • API String ID: 3502553090-3217029531
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE1137
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$IS_BBRD_LOOP_BILLBOARDS
                                      • API String ID: 3502553090-1006699862
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE32D7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: AdoCxnWindowsSecurity$Hg
                                      • API String ID: 3502553090-3492233531
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE12F7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: BuildMaxScreenSupport$Hg
                                      • API String ID: 3502553090-1602383664
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE3297
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: AdoCxnUserID$Hg
                                      • API String ID: 3502553090-4182654405
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE12B7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$IS_BBRD_LOOP_BILLBOARDS
                                      • API String ID: 3502553090-1006699862
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE3257
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: AdoCxnServer$Hg
                                      • API String ID: 3502553090-2915351105
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE1277
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: FlashBB$Hg
                                      • API String ID: 3502553090-3398151595
                                      • Opcode ID: c0a0e77ebc27dbc44a16ce87524dcd30fd68d57f847f662a088669bfeac39088
                                      • Instruction ID: a7f3fbfd9925316720399eed852299e7fcb4c1805a9992b1726ec3bb29032afe
                                      • Opcode Fuzzy Hash: c0a0e77ebc27dbc44a16ce87524dcd30fd68d57f847f662a088669bfeac39088
                                      • Instruction Fuzzy Hash: FDD0C7707453056ADA14B7B46847F9DB9589B40B10FA03264B659762C7CFE04600C735
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE3217
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: AdoCxnPassword$Hg
                                      • API String ID: 3502553090-557532285
                                      • Opcode ID: d9c83ddb45bfac49e1b5327896dc7532c3a9543735ef1f334119a142895afca0
                                      • Instruction ID: 8be106ae43243f708d05d486898f0d7b6d598b2096ee4679b5090fac12f1e8c6
                                      • Opcode Fuzzy Hash: d9c83ddb45bfac49e1b5327896dc7532c3a9543735ef1f334119a142895afca0
                                      • Instruction Fuzzy Hash: D6D0A77064430566DA50B2A42847F5DEA54DB40710F902194B2A9772C38FA04A01C735
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE1237
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$IS_BBRD_LOOP_BILLBOARDS
                                      • API String ID: 3502553090-1006699862
                                      • Opcode ID: bc818648ca68e48cf1a290767e4a8cf448a5f8573d9c1c5e9f0693fcf14fdb19
                                      • Instruction ID: 391c923fef331d011c4388df0d5f76ad37df9c2645bc55fb783d7bcb97dd9897
                                      • Opcode Fuzzy Hash: bc818648ca68e48cf1a290767e4a8cf448a5f8573d9c1c5e9f0693fcf14fdb19
                                      • Instruction Fuzzy Hash: 66D0C7706457497ADA54B7B46807F5DE5589B80B50F9022A4F299762D38FA04601C735
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE33D7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Default$Hg
                                      • API String ID: 3502553090-1205740301
                                      • Opcode ID: e3fe91e299977e3cd16bbb4b580ff4f76f11f00dde7afb2f9efafc83a01a569b
                                      • Instruction ID: 7fdebe52dcca59129a0ebe80816deb0601649fb9f1be7d7c403c6a6797ac8708
                                      • Opcode Fuzzy Hash: e3fe91e299977e3cd16bbb4b580ff4f76f11f00dde7afb2f9efafc83a01a569b
                                      • Instruction Fuzzy Hash: F3D0A7706443016ACB14B3A4281BF9DF954DB40B10F903194F298761D68FA08600C739
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE13F7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      • DevStudio/IDE/Workspaces/ClickOnce/Permissions/*, xrefs: 00DE1407
                                      • Hg, xrefs: 00DE1401
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/IDE/Workspaces/ClickOnce/Permissions/*$Hg
                                      • API String ID: 3502553090-3062682689
                                      • Opcode ID: 7ba447cf6781a13e802b31d87ad9936877aa89a086a9d04830530294fbfdbf29
                                      • Instruction ID: 6412f86bfd145e081b60a5f2ca981aea862687ecb49f38fc3172f72c48f005e8
                                      • Opcode Fuzzy Hash: 7ba447cf6781a13e802b31d87ad9936877aa89a086a9d04830530294fbfdbf29
                                      • Instruction Fuzzy Hash: 59D0A730A4030466CA10B674180BF9CE658AB40F20F903165F21DB62C38FF04A00C339
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE3397
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: CreateTableCmd$Hg
                                      • API String ID: 3502553090-2780630284
                                      • Opcode ID: db88e26e3ab2bda466f7e851b5f2baab3bee8170d82e625444be75b564568841
                                      • Instruction ID: f47c36ff1d98c0a42205e4700caf7fd4219ae7eb6ce4e983de2b1d479e33a459
                                      • Opcode Fuzzy Hash: db88e26e3ab2bda466f7e851b5f2baab3bee8170d82e625444be75b564568841
                                      • Instruction Fuzzy Hash: 12D0A7B0B4430166CB14B3742C0BF5DA964EB80B10F9032A4F298761C3DFA44A00C739
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE13B7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$PlatformString
                                      • API String ID: 3502553090-3889736310
                                      • Opcode ID: 1ea0e584c6c650c6e68f763bc6f1cc461c2e1a9ee37af7ee142df7295d562f8f
                                      • Instruction ID: 1a07cc658ce775998cc116a40f7cf95bc30d5bf6d28195133482e4add648b012
                                      • Opcode Fuzzy Hash: 1ea0e584c6c650c6e68f763bc6f1cc461c2e1a9ee37af7ee142df7295d562f8f
                                      • Instruction Fuzzy Hash: A6D0C7746407056EDE24B7B4580BF5DA6689B40B20F9061657259762C39FE55600C735
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE3357
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: CreateDbCmd$Hg
                                      • API String ID: 3502553090-1943399485
                                      • Opcode ID: 852f69185509bc88f8bbdbf98ff245f21ec3d796cd0168273c7df4ee43add3ee
                                      • Instruction ID: 84363a145b65b0e405235550dadedcd4c31d0b29117539c653b33ba34f49e199
                                      • Opcode Fuzzy Hash: 852f69185509bc88f8bbdbf98ff245f21ec3d796cd0168273c7df4ee43add3ee
                                      • Instruction Fuzzy Hash: 7BD0C77464430566D614B7A47807F9EA654DF80710F9065E8F359761D39FA15A00C736
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE1377
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$PlatformName
                                      • API String ID: 3502553090-778990322
                                      • Opcode ID: e2e3e1f092ad5df5669fe0aa14e859d0de1fec879d01b90a76482e8df2e6b807
                                      • Instruction ID: 41fb8d576b80462779045a66d954e32575da4758171cd17eafada67f17024bcf
                                      • Opcode Fuzzy Hash: e2e3e1f092ad5df5669fe0aa14e859d0de1fec879d01b90a76482e8df2e6b807
                                      • Instruction Fuzzy Hash: 5AD0A73064030166DA10B3F4280BF4DE5589BC0B10F906264B21C762C38FF04A00C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE3317
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: AdoDriverName$Hg
                                      • API String ID: 3502553090-471935453
                                      • Opcode ID: b9a05e6ebcc84f1e235d1e5a5570c858fc2756b43d8988f65f1d33277df8fbf4
                                      • Instruction ID: b287c67b219c29b0642d44993792deae3c99074a844b38837348eb08bddb33ba
                                      • Opcode Fuzzy Hash: b9a05e6ebcc84f1e235d1e5a5570c858fc2756b43d8988f65f1d33277df8fbf4
                                      • Instruction Fuzzy Hash: A3D0A77064430176DA10F2B4280BF5DA554DB40710F9022A4B35D761C38FA04600C735
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE1337
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DeviceName$Hg
                                      • API String ID: 3502553090-4257129362
                                      • Opcode ID: 4d932b77c324fd56df1f05ca9ffc18b21ab8a7a95e54ec0f5e3830f8133a3f47
                                      • Instruction ID: e50ab530e56e54e88074e2c21bd9ce04890032db7dad969df005591b11e015ce
                                      • Opcode Fuzzy Hash: 4d932b77c324fd56df1f05ca9ffc18b21ab8a7a95e54ec0f5e3830f8133a3f47
                                      • Instruction Fuzzy Hash: 00D0C77064031566DA14B6B45C5BF5DB5589B80B20FA06165B259B62C3CFE45701C736
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE34D7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DsnODBCName$Hg
                                      • API String ID: 3502553090-954073685
                                      • Opcode ID: bb7798620e9c967c0bad70bb16b37f9a816f50a1f7fb83a1956d07eb55b79209
                                      • Instruction ID: e39b15478bd6bc68c0fd35169ddd936b23dead7382c7b28be4044311fa93af89
                                      • Opcode Fuzzy Hash: bb7798620e9c967c0bad70bb16b37f9a816f50a1f7fb83a1956d07eb55b79209
                                      • Instruction Fuzzy Hash: 91D0A770A443026ACB14B7606C0BF5CE994DB40B10F906164B358762C3DFA04600C339
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE14F7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$IS_Action
                                      • API String ID: 3502553090-3945536787
                                      • Opcode ID: b060bee8d8697e53664f9f05cc22066995871f2d4a9be0484ff5ae7100bf6ca0
                                      • Instruction ID: 52ea364bb003f31324c65bc44be4e87e3282aefb0829f996d9c893c23a4c227f
                                      • Opcode Fuzzy Hash: b060bee8d8697e53664f9f05cc22066995871f2d4a9be0484ff5ae7100bf6ca0
                                      • Instruction Fuzzy Hash: C8D0A73064030466CA34B2B4280BF5DA954DB80F20FD06264B66DB61C28FE04600C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE3497
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$PRQFileX86
                                      • API String ID: 3502553090-4078488656
                                      • Opcode ID: 4f396ec94da95a05db029fda2a19cf11d7a6822c4cf24e50704bc9ac38491cb1
                                      • Instruction ID: a95685021428ea7780d3f559c648ef764572b51a908831f4af18f59bfe92914c
                                      • Opcode Fuzzy Hash: 4f396ec94da95a05db029fda2a19cf11d7a6822c4cf24e50704bc9ac38491cb1
                                      • Instruction Fuzzy Hash: 8DD0A770A403026AD724B7A4280BF9DA958DB40B10F906294F219763C3CFE04600C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE14B7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Zones
                                      • API String ID: 3502553090-2178473039
                                      • Opcode ID: 9f1132d0d605fa54cb020b5dbf1e30b51422e509b8f47ca06e6abc0e4d3f3f94
                                      • Instruction ID: 1243911ebd9f60575cb9300379e358c6aaf40be998ac586b692f28da846cb9f4
                                      • Opcode Fuzzy Hash: 9f1132d0d605fa54cb020b5dbf1e30b51422e509b8f47ca06e6abc0e4d3f3f94
                                      • Instruction Fuzzy Hash: 13D0C770A417056ADB14B6B4580BF9DA6589B40F10F946255B25D762D7CFF04600C73E
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE3457
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$PRQFileX64
                                      • API String ID: 3502553090-2207613170
                                      • Opcode ID: 752817f7ca6b7a4270a1704566129e66547f74d1609b3879b2332392f5ab6250
                                      • Instruction ID: e7b904811a587f9fd38cd3e5258de312d3c5fb1cf2bb264a27e48695a1336b90
                                      • Opcode Fuzzy Hash: 752817f7ca6b7a4270a1704566129e66547f74d1609b3879b2332392f5ab6250
                                      • Instruction Fuzzy Hash: DCD0A770A4130166CA14B674280BF5DEA58DB40B10F9022A4F258762C3CFA14A00C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE1477
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Source
                                      • API String ID: 3502553090-4203010165
                                      • Opcode ID: b30e24cd27e67ad682fa07ff343b2b4bc9e6177e15819f117d2c8a1dc79a2236
                                      • Instruction ID: 535b4ca47523cdf1641716d475fe427c2cf767e961641993b38110c8ad205147
                                      • Opcode Fuzzy Hash: b30e24cd27e67ad682fa07ff343b2b4bc9e6177e15819f117d2c8a1dc79a2236
                                      • Instruction Fuzzy Hash: 94D0C774A41305A6DA25B7B4594BF5DAA589B40F10F906254B659762C7CFA04600C739
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE3417
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DisplayName$Hg
                                      • API String ID: 3502553090-594745838
                                      • Opcode ID: d0d50388335445e3db28267e2b3fe8a635c5827e70f109ac3a4cec865c9bed7d
                                      • Instruction ID: 7820d01b54c3cf391499f1d2a5f4f680e9e7cf6c1e703e657b45fc5420b62bdc
                                      • Opcode Fuzzy Hash: d0d50388335445e3db28267e2b3fe8a635c5827e70f109ac3a4cec865c9bed7d
                                      • Instruction Fuzzy Hash: 68D0A7707453016ACE14B2A4280FF9CA959DB40B10F9021A4F258B62C3CFA04600C735
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE1437
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$MetaData
                                      • API String ID: 3502553090-4056854505
                                      • Opcode ID: a214f57bfaff4c5e81bdbb919245b4a4416254c5e50cec92f3aeeb9d10dacf90
                                      • Instruction ID: 7dae67a71fcdbb22d619dd57d20fffadb697a80b755ffd9a340b419f75661e65
                                      • Opcode Fuzzy Hash: a214f57bfaff4c5e81bdbb919245b4a4416254c5e50cec92f3aeeb9d10dacf90
                                      • Instruction Fuzzy Hash: 86D0C770A4174576D614B6B4680BF5DE668DB40F10F906254B25E762D78FA44700C739
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE35D7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Name
                                      • API String ID: 3502553090-2540194944
                                      • Opcode ID: 567a141a51fba6fe29fce5b12378cc18e5413a5e8c3c2967ce21bef16e89177e
                                      • Instruction ID: 2d04638261d54b175d372f102da52e22402cbf444d413634e86eeeed18dcf5d0
                                      • Opcode Fuzzy Hash: 567a141a51fba6fe29fce5b12378cc18e5413a5e8c3c2967ce21bef16e89177e
                                      • Instruction Fuzzy Hash: F5D0A7706447016AD614B3A07807F8EA564DB80720FA062A4B359761D38FE04600C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE15F7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Name
                                      • API String ID: 3502553090-2540194944
                                      • Opcode ID: 3b0e1e2dd12844ae2a7fd577776520022bebab6c954acdfacd04185ce0a87184
                                      • Instruction ID: ab3f337e53b2f066e793ae39c019da17a6279ad7a61a1928a5477a38f350b00e
                                      • Opcode Fuzzy Hash: 3b0e1e2dd12844ae2a7fd577776520022bebab6c954acdfacd04185ce0a87184
                                      • Instruction Fuzzy Hash: F6D0A77068430066DA10B270680BF8CA554AB80B20F9065B4F25CB61C38FE15700C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE3597
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$LocalInstanceNames
                                      • API String ID: 3502553090-427562350
                                      • Opcode ID: a499547973805a1e2d98a9d0f8fa35275c40b8b998fe9da92b2b846289e1a7e4
                                      • Instruction ID: d1f3b990a6c0f3677d1e22537f71d63a529c6efff9a336b13bdfbf7e263b9efb
                                      • Opcode Fuzzy Hash: a499547973805a1e2d98a9d0f8fa35275c40b8b998fe9da92b2b846289e1a7e4
                                      • Instruction Fuzzy Hash: BCD0A7B064430166CE10B3742807F5CE554FB80720F902564B25A762C3DFA04600C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE3557
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      • Associated: 00000000.00000002.2231511802.0000000000DE0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231591525.0000000000E85000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EB7000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231621904.0000000000EBD000.00000004.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EC0000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000EF1000.00000002.00000001.01000000.00000003.sdmp
                                      • Associated: 00000000.00000002.2231665359.0000000000F01000.00000002.00000001.01000000.00000003.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$ISAttributes
                                      • API String ID: 3502553090-2567738918
                                      • Opcode ID: 16b19b4965585a0482f80a9176042b9abcbf4201f526e1fc8b0917f157277b5b
                                      • Instruction ID: 246085db21824122811b7900ef9bb0f6eb75cc05d181a34132127442865a5d59
                                      • Opcode Fuzzy Hash: 16b19b4965585a0482f80a9176042b9abcbf4201f526e1fc8b0917f157277b5b
                                      • Instruction Fuzzy Hash: 1FD0A770A4030166C610B3B4280BF9DBA68DB80B10FD02298B358761C3DFA04A40C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE1577
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Hidden
                                      • API String ID: 3502553090-760434363
                                      • Opcode ID: 8e8caf4f2cb19ea738f948792abbe69b894081f1019e8fc8542797b88083eccb
                                      • Instruction ID: 8f4d4f53b93b94677d26c95d3508e85f48fd3c1d9007ff5015909449cd94b454
                                      • Opcode Fuzzy Hash: 8e8caf4f2cb19ea738f948792abbe69b894081f1019e8fc8542797b88083eccb
                                      • Instruction Fuzzy Hash: E0D0A73064530466D610B374680BF5CE5549BC0F20F9072A4B25C761C28FA08740C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE3517
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$InsertRecordCmd
                                      • API String ID: 3502553090-3637730894
                                      • Opcode ID: 841d55b0efedf40d19e95dfafbabe63355bbb61f3a15d31cffc3900cef4ed8f1
                                      • Instruction ID: a7f2672fb3d7ec14d8d5f3919680d9db03a6db0d22e5d21b6f4e92fa600a8072
                                      • Opcode Fuzzy Hash: 841d55b0efedf40d19e95dfafbabe63355bbb61f3a15d31cffc3900cef4ed8f1
                                      • Instruction Fuzzy Hash: D2D0A7B0A4530166CA14B2A02C0BF5CA964DB40B10F906154B298761C3DFA44A00C739
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE1537
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Description$Hg
                                      • API String ID: 3502553090-688509678
                                      • Opcode ID: 00c003cf7b0f96ac6e9160eedd39950102029b057d7acabf469d5d7cfe81302f
                                      • Instruction ID: a0fd4447d65998ea778d3f6c50b19b4d3b2a9e2c6c9eea34edd11220285e8d22
                                      • Opcode Fuzzy Hash: 00c003cf7b0f96ac6e9160eedd39950102029b057d7acabf469d5d7cfe81302f
                                      • Instruction Fuzzy Hash: 4BD0C77074534966DA24B774580BF5DA5549B80F10F906164B69D761C2DFA14701C739
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE36D7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$QueryDatabasesCmd
                                      • API String ID: 3502553090-2775652104
                                      • Opcode ID: 4d5126e54764ee6593150cb422cb03ef16c53dfe93ba258fcf4a411bd2fc0f06
                                      • Instruction ID: 85cdcd1354da30fba1248c6292fd8a932fad2814c0c62bf28396928337dbf2e6
                                      • Opcode Fuzzy Hash: 4d5126e54764ee6593150cb422cb03ef16c53dfe93ba258fcf4a411bd2fc0f06
                                      • Instruction Fuzzy Hash: 72D0C770A453066ADA14B6646C07F9DE668DB80720F9062A4735D762D7DFA04A00D739
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE16F7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/DIM/Languages/Language$Hg
                                      • API String ID: 3502553090-301954854
                                      • Opcode ID: 2ce5323647a503f88ade46f5bfcf77bb11c2a9ad3b1e7c6f9ce72f7cfcd310af
                                      • Instruction ID: 9315b9021dc7a80ede589d8fa77d433c57c788d3b98392dbf370e5ce7f104346
                                      • Opcode Fuzzy Hash: 2ce5323647a503f88ade46f5bfcf77bb11c2a9ad3b1e7c6f9ce72f7cfcd310af
                                      • Instruction Fuzzy Hash: 0DD0A734A40304AADA10B2B4580BF9CEA589B40B20FA06664B218F62C3CFA04600C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE3697
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Value
                                      • API String ID: 3502553090-426063123
                                      • Opcode ID: a3a633f2354b2dc5757c4170c5aad6807ccf9d536130df4f4b0124d36578042d
                                      • Instruction ID: 2f77cf09ca97f7b23d7bb1975e86d889dfd81c8bcfb529e9ec9e1a1422673cbb
                                      • Opcode Fuzzy Hash: a3a633f2354b2dc5757c4170c5aad6807ccf9d536130df4f4b0124d36578042d
                                      • Instruction Fuzzy Hash: 7BD0A7706453056AD610B264AC07F8CAA5CDB80720FD06164B35CB62D38FE04601C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE16B7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/IDE/Workspaces/CustomAction/*$Hg
                                      • API String ID: 3502553090-2759438068
                                      • Opcode ID: c519948879047195142bf794c47686708b2417e47746ab7e676f9891caac59dd
                                      • Instruction ID: 8212ce44698cf47b6c69a7d1518edd0a804056c3168acf8e0d72a477214571b8
                                      • Opcode Fuzzy Hash: c519948879047195142bf794c47686708b2417e47746ab7e676f9891caac59dd
                                      • Instruction Fuzzy Hash: FDD0C7706447056ADA14B7745847F5DE9949B80B20F9062547659B62D2CFF44A00C735
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE3657
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Name
                                      • API String ID: 3502553090-2540194944
                                      • Opcode ID: 4ba8f5bc4e6697102c18057c4d3fafa06bb932b450c4b9b22b6bd9768bf8f51d
                                      • Instruction ID: 2688e16a71e50ee45fa4ee03789bde28aa78990969ed31683c3a5fb00178cff1
                                      • Opcode Fuzzy Hash: 4ba8f5bc4e6697102c18057c4d3fafa06bb932b450c4b9b22b6bd9768bf8f51d
                                      • Instruction Fuzzy Hash: 77D0A77068530166DA10B2746807F8CA658DB40720F9061A8F358762C38FE04A00C336
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE1677
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      • DevStudio/IDE/Workspaces/CustomAction/IS_Action[@Name="{GUID}.%s"], xrefs: 00DE1687
                                      • Hg, xrefs: 00DE1681
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/IDE/Workspaces/CustomAction/IS_Action[@Name="{GUID}.%s"]$Hg
                                      • API String ID: 3502553090-602146015
                                      • Opcode ID: 0bdd42fd2e6761d945ccd7a6dc8c8c17c7d6b3bc599bd595d6c11d4f8d37127d
                                      • Instruction ID: e8568c671f138a68deb3b07578a73192eef7f1641aa17dcf539e17e9d01f70d7
                                      • Opcode Fuzzy Hash: 0bdd42fd2e6761d945ccd7a6dc8c8c17c7d6b3bc599bd595d6c11d4f8d37127d
                                      • Instruction Fuzzy Hash: 11D0A730644305AACA10B6B41C07F4CA6549BC0B20F906254B358761C6CFA04700C339
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE3617
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      • DevStudio/IDE/Workspaces/SQLScripts/IS_MetaData[@Name="%s"]/Properties/Property, xrefs: 00DE3627
                                      • Hg, xrefs: 00DE3621
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: DevStudio/IDE/Workspaces/SQLScripts/IS_MetaData[@Name="%s"]/Properties/Property$Hg
                                      • API String ID: 3502553090-3002138664
                                      • Opcode ID: 5a402b88ba71f8749daf423c083d62b4ff0a563a31510b501c53310e0e50e6a7
                                      • Instruction ID: ad87532da2401b7382bb462e1cdd7133d55945247506b5a301e09bae5f0450ea
                                      • Opcode Fuzzy Hash: 5a402b88ba71f8749daf423c083d62b4ff0a563a31510b501c53310e0e50e6a7
                                      • Instruction Fuzzy Hash: A0D0A77064130166DA50B6A42807F9DA658DB80720F903154B228762D39FA04600D739
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE1637
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Type
                                      • API String ID: 3502553090-1167418799
                                      • Opcode ID: a92953d7d7683d4b783f3867e47e2498a4537b1898a09218c1920f18c4587bde
                                      • Instruction ID: 3f91c96a551447032710c472c4047ac232d40d148ee648d3440e8a1a260694aa
                                      • Opcode Fuzzy Hash: a92953d7d7683d4b783f3867e47e2498a4537b1898a09218c1920f18c4587bde
                                      • Instruction Fuzzy Hash: 13D0A7306413056AC610B2B05807F4DE5549B40B20FD07264F29DB61D2DFA04700C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE37D7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$SelectTableCmd
                                      • API String ID: 3502553090-142094287
                                      • Opcode ID: 038e276e20f326ef9295b27a736fc2e6e77e4567ea61f0bdaed21eba5a5fe1d7
                                      • Instruction ID: adb780fedd028b0ee5568d53079ef8c2f8f85d3b1ec8f30823e6c50d33f41a97
                                      • Opcode Fuzzy Hash: 038e276e20f326ef9295b27a736fc2e6e77e4567ea61f0bdaed21eba5a5fe1d7
                                      • Instruction Fuzzy Hash: CDD0A770A403017ADA14B7A03807F5DA5A8DB40B10F902254B259762D3DFE04600C735
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE17F7
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$Name
                                      • API String ID: 3502553090-2540194944
                                      • Opcode ID: d20ba9889bcdf751277bb9df8b8d791d19e13a29e3f7338c1cc39f5e60ff2515
                                      • Instruction ID: a6ef92e39028facfb7fa17b3bc864a1fb9ffe1800e10c9fd70a9da803886e858
                                      • Opcode Fuzzy Hash: d20ba9889bcdf751277bb9df8b8d791d19e13a29e3f7338c1cc39f5e60ff2515
                                      • Instruction Fuzzy Hash: FBD0A770644304B6DA10B2B06807F8DA958AB80B10F9071A5F21CF62C3CFE04700C335
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • __EH_prolog3.LIBCMT ref: 00DE3797
                                        • Part of subcall function 00DE7AA0: GetLastError.KERNEL32(7B1078F4), ref: 00DE7AE4
                                        • Part of subcall function 00DE7AA0: SetLastError.KERNEL32(?,?,?,00E965D4,00000000,?,?,?,?,000000FF), ref: 00DE7B5A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast$H_prolog3
                                      • String ID: Hg$ScriptVersion_Table
                                      • API String ID: 3502553090-2420298036
                                      • Opcode ID: d44657142d2af0edf603b6c7f8288153eaccea7511c42fba30f36ff41366a4ab
                                      • Instruction ID: a40ad6ba3653d9eb7bdbd0226b41978379f54cc314c7c92f9a04a80909580c53
                                      • Opcode Fuzzy Hash: d44657142d2af0edf603b6c7f8288153eaccea7511c42fba30f36ff41366a4ab
                                      • Instruction Fuzzy Hash: 01D0A7B0641301B6DA20B2642807F9CA668EB40710F902264B32C7A2C3DFA04600C739
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • lstrcmpiW.KERNEL32(00E96580,00E96580), ref: 00E1C6CF
                                      • lstrcmpiW.KERNEL32(00E96584,00E96584), ref: 00E1C6EF
                                      • lstrcmpiW.KERNEL32(00E96588,00E96588), ref: 00E1C708
                                      • lstrcmpiW.KERNEL32(00E9658C,00E9658C), ref: 00E1C71E
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: lstrcmpi
                                      • String ID:
                                      • API String ID: 1586166983-0
                                      • Opcode ID: 1c40d02f1944cf1a84816fa5284f9b962b650835ec7e02e9caa3174f2664b9e9
                                      • Instruction ID: 964894de6527b3ea159028010795be5bddce98aeb2f19e8011e91536d0c9d1d4
                                      • Opcode Fuzzy Hash: 1c40d02f1944cf1a84816fa5284f9b962b650835ec7e02e9caa3174f2664b9e9
                                      • Instruction Fuzzy Hash: 1F0181313E4208AFDF115F35EC41AE63B65EB00B59B106526F809FA4B0EB719980AB44
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLastError.KERNEL32(?,?,00E447C4,?,?,?), ref: 00E447E6
                                      • GetLastError.KERNEL32(?,?,00E447C4,?,?,?), ref: 00E447F0
                                      • SetLastError.KERNEL32(00000000,?,?,00E447C4,?,?,?), ref: 00E44832
                                      • SetLastError.KERNEL32(00000000,?,?,00E447C4,?,?,?), ref: 00E4483C
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2231529654.0000000000DE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DE0000, based on PE: true
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_de0000_AGLCStructuredSettlementsInstaller.jbxd
                                      Similarity
                                      • API ID: ErrorLast
                                      • String ID:
                                      • API String ID: 1452528299-0
                                      • Opcode ID: 3fd5736e2a6111253a9011bee512149f00a100a567a6c55d514657f8b531e0d5
                                      • Instruction ID: a08c0c689f2ff70ee5631576320f9ba06af54bc934de0758b9b4852e258f435b
                                      • Opcode Fuzzy Hash: 3fd5736e2a6111253a9011bee512149f00a100a567a6c55d514657f8b531e0d5
                                      • Instruction Fuzzy Hash: 32F0F071300A44AFDB2A1F22FC0C79D7B95BB1531AF10A41AF54AB21E0CB758881D740
                                      Uniqueness

                                      Uniqueness Score: -1.00%